Container summary for

This update for zlib fixes the following issues:

• Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
• Enable hardware compression on s390/s390x (jsc#SLE-13776)

SUSE-IU-2020:91-1

This update for avahi fixes the following issues:

• When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063).

This update for curl fixes the following issues:

• An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231]

This update for dracut fixes the following issues:
Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636:

• net-lib.sh: support infiniband network mac addresses (bsc#996146)
• 95nfs: use ip_params_for_remote_addr() (bsc#1167494)
• 95iscsi: use ip_params_for_remote_addr() (bsc#1167494)
• dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494)

This update for grub2 fixes the following issues:

• The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766)

• Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting.

This update for iputils fixes the following issue:

• ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

• CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798).
• CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247).
• CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213).
• CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757).

• 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes).
• ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
• af_key: pfkey_dump needs parameter validation (git-fixes).
• agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
• ALSA: atmel: Remove invalid 'fall through' comments (git-fixes).
• ALSA: core: pcm_iec958: fix kernel-doc (git-fixes).
• ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes).
• ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes).
• ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes).
• ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes).
• ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes).
• ALSA: echoaudio: Race conditions around 'opencount' (git-fixes).
• ALSA: echoaudio: re-enable IRQs on failure path (git-fixes).
• ALSA: echoaudio: Remove redundant check (git-fixes).
• ALSA: firewire: fix kernel-doc (git-fixes).
• ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes).
• ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes).
• ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes).
• ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes).
• ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes).
• ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes).
• ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes).
• ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes).
• ALSA: hda/realtek - Fix unused variable warning (git-fixes).
• ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes).
• ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes).
• ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
• ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
• ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
• ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes).
• ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes).
• ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes).
• ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes).
• ALSA: hda/tegra: Disable sync-write operation (git-fixes).
• ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes).
• ALSA: hda: avoid reset of sdo_limit (git-fixes).
• ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes).
• ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
• ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes).
• ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes).
• ALSA: isa/gus: remove 'set but not used' warning (git-fixes).
• ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes).
• ALSA: isa: fix spelling mistakes in the comments (git-fixes).
• ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes).
• ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes).
• ALSA: pci/asihpi: fix kernel-doc (git-fixes).
• ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes).
• ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes).
• ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes).
• ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes).
• ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes).
• ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes).
• ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes).
• ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes).
• ALSA: pci/es1938: remove 'set but not used' warning (git-fixes).
• ALSA: pci/fm801: fix kernel-doc (git-fixes).
• ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes).
• ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes).
• ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes).
• ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes).
• ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes).
• ALSA: seq: oss: Serialize ioctls (git-fixes).
• ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
• ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes).
• ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes).
• ALSA: usb-audio: add startech usb audio dock name (git-fixes).
• ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes).
• ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes).
• ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes).
• ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes).
• ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625).
• ALSA: usb-audio: Fix some typos (git-fixes).
• ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes).
• ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
• ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes).
• ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes).
• ALSA: usb/line6: remove 'defined but not used' warning (git-fixes).
• ALSA: vx_core: remove warning for empty loop body (git-fixes).
• ALSA: xen: remove 'set but not used' warning (git-fixes).
• ALSA: xen: Remove superfluous fall through comments (git-fixes).
• appletalk: Fix atalk_proc_init() return path (git-fixes).
• arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906).
• arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906).
• arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906).
• arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180).
• arm64: cacheflush: Fix KGDB trap detection (bsc#1175188).
• arm64: csum: Fix handling of bad packets (bsc#1175192).
• arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016).
• arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347).
• arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346).
• arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019).
• arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345).
• arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013).
• arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012).
• arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes).
• arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021).
• arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020).
• arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015).
• arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014).
• arm64: dts: uDPU: fix broken ethernet (bsc#1175344).
• arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011).
• arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906).
• arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185).
• arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184).
• arm64: hugetlb: avoid potential NULL dereference (bsc#1175183).
• arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189).
• arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186).
• arm64: kexec_file: print appropriate variable (bsc#1175187).
• arm64: kgdb: Fix single-step exception handling oops (bsc#1175191).
• arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593).
• arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010).
• arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017).
• arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018).
• arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009).
• arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182).
• arm64: vdso: do not free unallocated pages (bsc#1175181).
• arm: percpu.h: fix build error (git-fixes).
• arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906).
• ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes).
• ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes).
• ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes).
• ASoC: intel: Fix memleak in sst_media_open (git-fixes).
• ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes).
• ASoC: meson: axg-tdmin: fix g12a skew (git-fixes).
• ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes).
• ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes).
• ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes).
• ASoC: q6routing: add dummy register read/write function (git-fixes).
• ASoC: SOF: nocodec: add missing .owner field (git-fixes).
• ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes).
• ath10k: Acquire tx_lock in tx error paths (git-fixes).
• ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes).
• ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes).
• ath9k: Fix regression with Atheros 9271 (git-fixes).
• atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes).
• AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
• AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
• AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
• b43: Remove uninitialized_var() usage (git-fixes).
• bdc: Fix bug causing crash after multiple disconnects (git-fixes).
• bfq: fix blkio cgroup leakage v4 (bsc#1175775).
• block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes).
• Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
• Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes).
• Bluetooth: btusb: fix up firmware download sequence (git-fixes).
• Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes).
• Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes).
• Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes).
• Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes).
• Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes).
• Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes).
• Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes).
• bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17).
• bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274).
• bonding: fix active-backup failover for current ARP slave (bsc#1174771).
• bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518).
• bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518).
• bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518).
• bpfilter: fix up a sparse annotation (bsc#1155518).
• bpfilter: Initialize pos variable (bsc#1155518).
• bpfilter: reject kernel addresses (bsc#1155518).
• bpfilter: switch to kernel_write (bsc#1155518).
• brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes).
• brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes).
• brcmfmac: Set timeout value when configuring power save (bsc#1173468).
• brcmfmac: To fix Bss Info flag definition Bug (git-fixes).
• btmrvl: Fix firmware filename for sd8977 chipset (git-fixes).
• btmrvl: Fix firmware filename for sd8997 chipset (git-fixes).
• btrfs: add helper to get the end offset of a file extent item (bsc#1175546).
• btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377).
• btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247).
• btrfs: delete the ordered isize update code (bsc#1175377).
• btrfs: do not set path->leave_spinning for truncate (bsc#1175377).
• btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546).
• btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247).
• btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149).
• btrfs: fix block group leak when removing fails (bsc#1175149).
• btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149).
• btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149).
• btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149).
• btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377).
• btrfs: fix double free on ulist after backref resolution failure (bsc#1175149).
• btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
• btrfs: fix lost i_size update after cloning inline extent (bsc#1175377).
• btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550).
• btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546).
• btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149).
• btrfs: fix race between block group removal and block group creation (bsc#1175149).
• btrfs: fix race between shrinking truncate and fiemap (bsc#1175377).
• btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149).
• btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149).
• btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149).
• btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484).
• btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247).
• btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247).
• btrfs: introduce per-inode file extent tree (bsc#1175377).
• btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247).
• btrfs: make full fsyncs always operate on the entire file again (bsc#1175546).
• btrfs: make ranged full fsyncs more efficient (bsc#1175546).
• btrfs: move extent_io_tree defs to their own header (bsc#1175377).
• btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263).
• btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163).
• btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247).
• btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163).
• btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
• btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149).
• btrfs: Remove leftover of in-band dedupe (bsc#1175149).
• btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377).
• btrfs: remove useless check for copy_items() return value (bsc#1175546).
• btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377).
• btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377).
• btrfs: separate out the extent io init function (bsc#1175377).
• btrfs: separate out the extent leak code (bsc#1175377).
• btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
• btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263).
• btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377).
• btrfs: use the file extent tree infrastructure (bsc#1175377).
• cfg80211: check vendor command doit pointer before use (git-fixes).
• clk: actions: Fix h_clk for Actions S500 SoC (git-fixes).
• clk: at91: clk-generated: check best_rate against ranges (git-fixes).
• clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes).
• clk: at91: sam9x60-pll: check fcore against ranges (git-fixes).
• clk: at91: sam9x60-pll: use logical or for range check (git-fixes).
• clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes).
• clk: at91: sckc: register slow_rc with accuracy option (git-fixes).
• clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865).
• clk: bcm63xx-gate: fix last clock availability (git-fixes).
• clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes).
• clk: iproc: round clock rate to the closest (git-fixes).
• clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes).
• clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes).
• clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes).
• clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes).
• clk: spear: Remove uninitialized_var() usage (git-fixes).
• clk: st: Remove uninitialized_var() usage (git-fixes).
• console: newport_con: fix an issue about leak related system resources (git-fixes).
• cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes).
• crc-t10dif: Fix potential crypto notify dead-lock (git-fixes).
• crypto: aesni - add compatibility with IAS (git-fixes).
• crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes).
• crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes).
• crypto: ccp - Fix use of merged scatterlists (git-fixes).
• crypto: ccree - fix resource leak on error path (git-fixes).
• crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes).
• crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes).
• crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes).
• devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353).
• devres: keep both device name and resource name in pretty name (git-fixes).
• dlm: Fix kobject memleak (bsc#1175768).
• dlm: remove BUG() before panic() (git-fixes).
• dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes).
• dmaengine: ioat setting ioat timeout as module parameter (git-fixes).
• dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes).
• docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.)
• drbd: Remove uninitialized_var() usage (git-fixes).
• driver core: Avoid binding drivers to dead devices (git-fixes).
• drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes).
• drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes).
• drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128).
• drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes).
• drm/amd/display: fix pow() crashing when given base 0 (git-fixes).
• drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472)
• drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes).
• drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes).
• drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes).
• drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0
• drm/amdgpu/gfx10: fix race condition for kiq (git-fixes).
• drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes).
• drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes).
• drm/amdgpu: fix preemption unit test (git-fixes).
• drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes).
• drm/arm: fix unintentional integer overflow on left shift (git-fixes).
• drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes
• drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes).
• drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes).
• drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes).
• drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes
• drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c
• drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes).
• drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes).
• drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes).
• drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes).
• drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes
• drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes).
• drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737).
• drm/i915/gt: Move new timelines to the end of active_list (git-fixes).
• drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes
• drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes).
• drm/i915: Actually emit the await_start (bsc#1174737).
• drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737).
• drm/i915: Do not poison i915_request.link on removal (bsc#1174737).
• drm/i915: Drop no-semaphore boosting (bsc#1174737).
• drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737).
• drm/i915: Flush execution tasklets before checking request status (bsc#1174737).
• drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737).
• drm/i915: Ignore submit-fences on the same timeline (bsc#1174737).
• drm/i915: Improve the start alignment of bonded pairs (bsc#1174737).
• drm/i915: Keep track of request among the scheduling lists (bsc#1174737).
• drm/i915: Lock signaler timeline while navigating (bsc#1174737).
• drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737).
• drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737).
• drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737).
• drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes
• drm/i915: Peel dma-fence-chains for await (bsc#1174737).
• drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737).
• drm/i915: Protect i915_request_await_start from early waits (bsc#1174737).
• drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737).
• drm/i915: Rely on direct submission to the queue (bsc#1174737).
• drm/i915: Remove wait priority boosting (bsc#1174737).
• drm/i915: Reorder await_execution before await_request (bsc#1174737).
• drm/i915: Return early for await_start on same timeline (bsc#1174737).
• drm/i915: Use EAGAIN for trylock failures (bsc#1174737).
• drm/imx: fix use after free (git-fixes).
• drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes).
• drm/imx: tve: fix regulator_disable error path (git-fixes).
• drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes
• drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes).
• drm/msm: ratelimit crtc event overflow error (git-fixes).
• drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes).
• drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes).
• drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes).
• drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes).
• drm/nouveau: fix multiple instances of reference count leaks (git-fixes).
• drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes).
• drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes).
• drm/radeon: disable AGP by default (git-fixes).
• drm/radeon: fix array out-of-bounds read and write issues (git-fixes).
• drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes).
• drm/stm: repair runtime power management (git-fixes).
• drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes).
• drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232).
• drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes
• drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes).
• drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes).
• drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes).
• drm: hold gem reference until object is no longer accessed (git-fixes).
• drm: msm: a6xx: fix gpu failure after system resume (git-fixes).
• drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes).
• drm: sun4i: hdmi: Fix inverted HPD result (git-fixes).
• dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes).
• enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28).
• ext2: fix missing percpu_counter_inc (bsc#1175774).
• ext4: check journal inode extents more carefully (bsc#1173485).
• ext4: do not allow overlapping system zones (bsc#1173485).
• ext4: do not BUG on inconsistent journal feature (bsc#1171634).
• ext4: fix checking of directory entry validity for inline directories (bsc#1175771).
• ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
• fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes).
• firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906).
• firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes).
• firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes).
• firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906).
• firmware: Fix a reference count leak (git-fixes).
• firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906).
• firmware: smccc: Add function to fetch SMCCC version (bsc#1174906).
• firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906).
• firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906).
• firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906).
• firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906).
• firmware: smccc: Update link to latest SMCCC specification (bsc#1174906).
• firmware_loader: fix memory leak for paged buffer (bsc#1175367).
• fpga: dfl: fix bug in port reset handshake (git-fixes).
• fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176).
• fuse: fix weird page warning (bsc#1175175).
• genetlink: remove genl_bind (networking-stable-20_07_17).
• geneve: fix an uninitialized value in geneve_changelink() (git-fixes).
• genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090).
• genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090).
• genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090).
• gfs2: Another gfs2_find_jhead fix (bsc#1174824).
• gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825).
• go7007: add sanity checking for endpoints (git-fixes).
• gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
• gpio: arizona: put pm_runtime in case of failure (git-fixes).
• gpio: max77620: Fix missing release of interrupt (git-fixes).
• gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes).
• habanalabs: increase timeout during reset (git-fixes).
• HID: alps: support devices with report id 2 (git-fixes).
• HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
• HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes).
• HID: input: Fix devices that return multiple bytes in battery report (git-fixes).
• HID: steam: fixes race in handling device list (git-fixes).
• hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes).
• hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes).
• hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
• hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes).
• hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes).
• i2c: also convert placeholder function to return errno (git-fixes).
• i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes).
• i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411).
• i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411).
• i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411).
• i2c: iproc: fix race between client unreg and isr (git-fixes).
• i2c: rcar: always clear ICSAR to avoid side effects (git-fixes).
• i2c: rcar: avoid race when unregistering slave (git-fixes).
• i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes).
• i2c: slave: add sanity check when unregistering (git-fixes).
• i2c: slave: improve sanity check when registering (git-fixes).
• i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes).
• i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes).
• i40iw: fix null pointer dereference on a null wqe pointer (git-fixes).
• i40iw: Report correct firmware version (git-fixes).
• IB/cma: Fix ports memory leak in cma_configfs (git-fixes).
• IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes).
• IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes).
• IB/hfi1: Ensure pq is not left on waitlist (git-fixes).
• IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes).
• IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes).
• IB/mad: Fix use after free when destroying MAD agent (git-fixes).
• IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes).
• IB/mlx5: Fix 50G per lane indication (git-fixes).
• IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes).
• IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes).
• IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes).
• IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes).
• IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes).
• IB/rdmavt: Delete unused routine (git-fixes).
• IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770).
• IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes).
• ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506).
• ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
• ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
• ice: Clear and free XLT entries on reset (jsc#SLE-7926).
• ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926).
• ide: Remove uninitialized_var() usage (git-fixes).
• ieee802154: fix one possible memleak in adf7242_probe (git-fixes).
• igc: Fix PTP initialization (bsc#1160634).
• iio: improve IIO_CONCENTRATION channel type description (git-fixes).
• Input: elan_i2c - only increment wakeup count on touch (git-fixes).
• Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes).
• Input: sentelic - fix error return when fsp_reg_write fails (git-fixes).
• Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
• integrity: remove redundant initialization of variable ret (git-fixes).
• io-mapping: indicate mapping failure (git-fixes).
• ionic: fix up filter locks and debug msgs (bsc#1167773).
• ionic: keep rss hash after fw update (bsc#1167773).
• ionic: unlock queue mutex in error path (bsc#1167773).
• ionic: update filter id after replay (bsc#1167773).
• ionic: use mutex to protect queue operations (bsc#1167773).
• ionic: use offset for ethtool regs data (bsc#1167773).
• ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes).
• ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28).
• ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28).
• ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17).
• ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17).
• ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17).
• ipvs: fix the connection sync failed in some cases (bsc#1174699).
• irqchip/gic: Atomically update affinity (bsc#1175195).
• iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes).
• jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772).
• kABI workaround for enum cpuhp_state (git-fixes).
• kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device.
• kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module.
• kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols.
• kABI/severities: ignore qla2xxx as all symbols are internal
• kABI: genetlink: remove genl_bind (kabi).
• kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645).
• kernel.h: remove duplicate include of asm/div64.h (git-fixes).
• kernel/relay.c: fix memleak on destroy relay channel (git-fixes).
• kernfs: do not call fsnotify() with name without a parent (bsc#1175770).
• kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes).
• KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593).
• KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021).
• KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021).
• KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190).
• KVM: arm64: Correct PSTATE on exception entry (bsc#1133021).
• KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021).
• KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021).
• KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021).
• KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021).
• KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593).
• KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021).
• KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021).
• KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593).
• KVM: Play nice with read-only memslots when querying host page size (bsc#1133021).
• KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729).
• KVM: Reinstall old memslots if arch preparation fails (bsc#1133021).
• KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021).
• KVM: x86: Fix APIC page invalidation race (bsc#1133021).
• l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17).
• leds: 88pm860x: fix use-after-free on unbind (git-fixes).
• leds: core: Flush scheduled work for system suspend (git-fixes).
• leds: da903x: fix use-after-free on unbind (git-fixes).
• leds: gpio: Fix semantic error (git-fixes).
• leds: lm3533: fix use-after-free on unbind (git-fixes).
• leds: lm355x: avoid enum conversion warning (git-fixes).
• leds: lm36274: fix use-after-free on unbind (git-fixes).
• leds: wm831x-status: fix use-after-free on unbind (git-fixes).
• libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518).
• liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes).
• llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17).
• locktorture: Print ratio of acquisitions, not failures (bsc#1149032).
• mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
• mac80211: fix misplaced while instead of if (git-fixes).
• mac80211: mesh: Free ie data when leaving mesh (git-fixes).
• mac80211: mesh: Free pending skb when destroying a mpath (git-fixes).
• Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing 'D' - this leads to our kernels being marked as 'Unreleased kernel'. SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED.
• md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes).
• md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes).
• media: budget-core: Improve exception handling in budget_register() (git-fixes).
• media: camss: fix memory leaks on error handling paths in probe (git-fixes).
• media: cxusb-analog: fix V4L2 dependency (git-fixes).
• media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes).
• media: firewire: Using uninitialized values in node_probe() (git-fixes).
• media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes).
• media: media-request: Fix crash if memory allocation fails (git-fixes).
• media: nuvoton-cir: remove setting tx carrier functions (git-fixes).
• media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes).
• media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes).
• media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes).
• media: sur40: Remove uninitialized_var() usage (git-fixes).
• media: vpss: clean up resources in init (git-fixes).
• media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes).
• mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes).
• mfd: dln2: Run event handler loop under spinlock (git-fixes).
• mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411).
• mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28).
• mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488).
• mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17).
• mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17).
• mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
• mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617).
• mm: filemap: clear idle flag for writes (bsc#1175769).
• mm: Fix protection usage propagation (bsc#1174002).
• mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes).
• mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes).
• mtd: properly check all write ioctls for permissions (git-fixes).
• mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes).
• mtd: rawnand: qcom: avoid write to unavailable register (git-fixes).
• mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28).
• mwifiex: Fix firmware filename for sd8977 chipset (git-fixes).
• mwifiex: Fix firmware filename for sd8997 chipset (git-fixes).
• mwifiex: Prevent memory corruption handling keys (git-fixes).
• ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518).
• net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518).
• net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518).
• net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518).
• net/ena: Fix build warning in ena_xdp_set() (bsc#1174852).
• net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464).
• net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464).
• net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17).
• net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17).
• net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464).
• net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17).
• net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28).
• net: core: reduce recursion limit value (networking-stable-20_06_28).
• net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28).
• net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17).
• net: ena: add reserved PCI device ID (bsc#1174852).
• net: ena: add support for reporting of packet drops (bsc#1174852).
• net: ena: add support for the rx offset feature (bsc#1174852).
• net: ena: add support for traffic mirroring (bsc#1174852).
• net: ena: add unmask interrupts statistics to ethtool (bsc#1174852).
• net: ena: allow setting the hash function without changing the key (bsc#1174852).
• net: ena: avoid memory access violation by validating req_id properly (bsc#1174852).
• net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852).
• net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852).
• net: ena: change default RSS hash function to Toeplitz (bsc#1174852).
• net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492).
• net: ena: changes to RSS hash key allocation (bsc#1174852).
• net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852).
• net: ena: cosmetic: code reorderings (bsc#1174852).
• net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852).
• net: ena: cosmetic: fix line break issues (bsc#1174852).
• net: ena: cosmetic: fix spacing issues (bsc#1174852).
• net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852).
• net: ena: cosmetic: minor code changes (bsc#1174852).
• net: ena: cosmetic: remove unnecessary code (bsc#1174852).
• net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852).
• net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852).
• net: ena: cosmetic: satisfy gcc warning (bsc#1174852).
• net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852).
• net: ena: drop superfluous prototype (bsc#1174852).
• net: ena: enable support of rss hash key and function changes (bsc#1174852).
• net: ena: ethtool: clean up minor indentation issue (bsc#1174852).
• net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852).
• net: ena: fix continuous keep-alive resets (bsc#1174852).
• net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852).
• net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852).
• net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852).
• net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852).
• net: ena: Make missed_tx stat incremental (git-fixes).
• net: ena: Make some functions static (bsc#1174852).
• net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852).
• net: ena: Prevent reset after device destruction (git-fixes).
• net: ena: reduce driver load time (bsc#1174852).
• net: ena: remove code that does nothing (bsc#1174852).
• net: ena: remove set but not used variable 'hash_key' (bsc#1174852).
• net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852).
• net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852).
• net: ena: support new LLQ acceleration mode (bsc#1174852).
• net: ena: use explicit variable size for clarity (bsc#1174852).
• net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852).
• net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.)
• net: fix memleak in register_netdevice() (networking-stable-20_06_28).
• net: Fix the arp error in some cases (networking-stable-20_06_28).
• net: hns3: fix error handling for desc filling (git-fixes).
• net: hns3: fix for not calculating TX BD send size correctly (git-fixes).
• net: hns3: fix return value error when query MAC link status fail (git-fixes).
• net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28).
• net: lan78xx: add missing endpoint sanity check (git-fixes).
• net: lan78xx: fix transfer-buffer memory leak (git-fixes).
• net: lan78xx: replace bogus endpoint lookup (git-fixes).
• net: mvneta: fix use of state->speed (networking-stable-20_07_17).
• net: phy: Check harder for errors in get_phy_id() (git-fixes).
• net: phy: fix memory leak in device-create error path (git-fixes).
• net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17).
• net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28).
• net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17).
• net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17).
• netdevsim: fix unbalaced locking in nsim_create() (git-fixes).
• nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes).
• nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
• ntb: Fix static check warning in perf_clear_test (git-fixes).
• ntb: Fix the default port and peer numbers for legacy drivers (git-fixes).
• ntb: hw: remove the code that sets the DMA mask (git-fixes).
• ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes).
• ntb: ntb_test: Fix bug when counting remote files (git-fixes).
• ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes).
• ntb: perf: Do not require one more memory window than number of peers (git-fixes).
• ntb: perf: Fix race condition when run with ntb_test (git-fixes).
• ntb: perf: Fix support for hardware that does not have port numbers (git-fixes).
• ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes).
• ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes).
• ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes).
• nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108).
• nvme-multipath: fix logic for non-optimized paths (bsc#1172108).
• nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108).
• nvme-multipath: set bdi capabilities once (bsc#1159058).
• nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058).
• nvme-rdma: Add warning on state change failure at (bsc#1159058).
• nvme-tcp: Add warning on state change failure at (bsc#1159058).
• nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058).
• nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes).
• nvme: always search for namespace head (bsc#1159058).
• nvme: avoid an Identify Controller command for each namespace (bsc#1159058).
• nvme: check namespace head shared property (bsc#1159058).
• nvme: clean up nvme_scan_work (bsc#1159058).
• nvme: cleanup namespace identifier reporting in (bsc#1159058).
• nvme: consolidate chunk_sectors settings (bsc#1159058).
• nvme: consolodate io settings (bsc#1159058).
• nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058).
• nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058).
• nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058).
• nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058).
• nvme: Fix controller creation races with teardown flow (bsc#1159058).
• nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058).
• nvme: fix identify error status silent ignore (git-fixes, bsc#1159058).
• nvme: fix possible hang when ns scanning fails during error (bsc#1159058).
• nvme: kABI fixes for nvme_ctrl (bsc#1159058).
• nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058).
• nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108).
• nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058).
• nvme: provide num dword helper (bsc#1159058).
• nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058).
• nvme: refine the Qemu Identify CNS quirk (bsc#1159058).
• nvme: release ida resources (bsc#1159058).
• nvme: release namespace head reference on error (bsc#1159058).
• nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058).
• nvme: remove unused parameter (bsc#1159058).
• nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058).
• nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058).
• nvme: revalidate after verifying identifiers (bsc#1159058).
• nvme: revalidate namespace stream parameters (bsc#1159058).
• nvme: unlink head after removing last namespace (bsc#1159058).
• ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
• ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
• ocfs2: fix remounting needed after setfacl command (bsc#1173954).
• ocfs2: load global_inode_alloc (bsc#1172963).
• omapfb: dss: Fix max fclk divider for omap36xx (git-fixes).
• openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28).
• PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes).
• PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
• PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes).
• PCI: Fix pci_cfg_wait queue locking problem (git-fixes).
• PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes).
• PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes).
• PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
• PCI: qcom: Add missing reset for ipq806x (git-fixes).
• PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
• PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
• PCI: rcar: Fix runtime PM imbalance on error (git-fixes).
• PCI: Release IVRS table in AMD ACS quirk (git-fixes).
• PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes).
• PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes).
• PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes).
• phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes).
• phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes).
• phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes).
• phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes).
• pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes).
• pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
• pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
• pinctrl: single: fix function name in documentation (git-fixes).
• platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes).
• platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes).
• platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes).
• platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes).
• platform/x86: ISST: Add new PCI device ids (git-fixes).
• PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes).
• power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes).
• powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729).
• powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729).
• powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729).
• powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729).
• powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
• powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395).
• powerpc/iommu: Allow bypass-only for DMA (bsc#1156395).
• powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284).
• powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284).
• powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729).
• powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729).
• powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630).
• powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574).
• powerpc/pseries: PCIE PHB reset (bsc#1174689).
• powerpc/pseries: remove cede offline state for CPUs (bsc#1065729).
• powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729).
• powerpc/vdso: Fix vdso cpu truncation (bsc#1065729).
• powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729).
• powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• pseries: Fix 64 bit logical memory block panic (bsc#1065729).
• pwm: bcm-iproc: handle clk_get_rate() return (git-fixes).
• qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes).
• qed: suppress false-positives interrupt error messages on HW init (git-fixes).
• r8169: fix jumbo configuration for RTL8168evl (bsc#1175296).
• r8169: fix jumbo packet handling on resume from suspend (bsc#1175296).
• r8169: fix resume on cable plug-in (bsc#1175296).
• r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296).
• r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296).
• r8169: read common register for PCI commit (bsc#1175296).
• random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes).
• random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes).
• random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes).
• RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes).
• RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes).
• RDMA/cm: Fix checking for allowed duplicate listens (git-fixes).
• RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes).
• RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes).
• RDMA/cm: Remove a race freeing timewait_info (git-fixes).
• RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes).
• RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes).
• RDMA/core: Fix double destruction of uobject (git-fixes).
• RDMA/core: Fix double put of resource (git-fixes).
• RDMA/core: Fix missing error check on dev_set_name() (git-fixes).
• RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes).
• RDMA/core: Fix race between destroy and release FD object (git-fixes).
• RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes).
• RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes).
• RDMA/counter: Query a counter before release (git-fixes).
• RDMA/efa: Set maximum pkeys device attribute (git-fixes).
• RDMA/hns: Bugfix for querying qkey (git-fixes).
• RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes).
• RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes).
• RDMA/iwcm: Fix iwcm work deallocation (git-fixes).
• RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes).
• RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes).
• RDMA/mlx4: Initialize ib_spec on the stack (git-fixes).
• RDMA/mlx5: Add init2init as a modify command (git-fixes).
• RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446).
• RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes).
• RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446).
• RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes).
• RDMA/mlx5: Fix typo in enum name (git-fixes).
• RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes).
• RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446).
• RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes).
• RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes).
• RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes).
• RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes).
• RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes).
• RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes).
• RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes).
• RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes).
• RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes).
• RDMA/rxe: Set default vendor ID (git-fixes).
• RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes).
• RDMA/siw: Fix failure handling during device creation (git-fixes).
• RDMA/siw: Fix passive connection establishment (git-fixes).
• RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes).
• RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes).
• RDMA/siw: Fix reporting vendor_part_id (git-fixes).
• RDMA/siw: Fix setting active_mtu attribute (git-fixes).
• RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes).
• RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes).
• RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes).
• regmap: debugfs: check count when read regmap file (git-fixes).
• regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
• regulator: gpio: Honor regulator-boot-on property (git-fixes).
• remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes).
• remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes).
• remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes).
• Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes).
• Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes
• Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes).
• Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes).
• Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes).
• Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003).
• Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003).
• rhashtable: Document the right function parameters (bsc#1174880).
• rhashtable: drop duplicated word in (bsc#1174880).
• rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880).
• rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880).
• rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880).
• RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes).
• rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28).
• rpm/modules.fips: * add ecdh_generic (boo#1173813)
• rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes).
• rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes).
• rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353).
• rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
• rtw88: fix LDPC field for RA info (git-fixes).
• rtw88: fix short GI capability based on current bandwidth (git-fixes).
• sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28).
• sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28).
• sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17).
• scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003).
• scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026).
• scsi: Fix trivial spelling (bsc#1171688 bsc#1174003).
• scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654).
• scsi: ipr: remove unneeded semicolon (jsc#SLE-13654).
• scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654).
• scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003).
• scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003).
• scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418).
• scsi: smartpqi: add RAID bypass counter (bsc#1172418).
• scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418).
• scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418).
• scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418).
• scsi: smartpqi: support device deletion via sysfs (bsc#1172418).
• scsi: smartpqi: update logical volume size after expansion (bsc#1172418).
• scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418).
• scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790).
• sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28).
• selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
• selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
• seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769).
• serial: 8250: change lock order in serial8250_do_startup() (git-fixes).
• serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes).
• serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes).
• serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes).
• serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
• serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes).
• serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes).
• serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes).
• serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes).
• serial: tegra: fix CREAD handling for PIO (git-fixes).
• soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834).
• soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116).
• soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes).
• spi: davinci: Remove uninitialized_var() usage (git-fixes).
• spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes).
• spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes).
• spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes).
• spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411).
• spi: rockchip: Fix error in SPI slave pio read (git-fixes).
• spi: spi-geni-qcom: Actually use our FIFO (git-fixes).
• spi: spidev: Align buffers for DMA (git-fixes).
• spi: stm32: fixes suspend/resume management (git-fixes).
• spi: sun4i: update max transfer size reported (git-fixes).
• staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
• staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
• staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
• staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes).
• Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
• staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes).
• staging: rtl8712: handle firmware load failure (git-fixes).
• staging: vchiq_arm: Add a matching unregister call (git-fixes).
• staging: wlan-ng: properly check endpoint types (git-fixes).
• tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28).
• tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17).
• tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28).
• tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17).
• tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17).
• tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17).
• tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17).
• tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28).
• thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes).
• tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes).
• tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362).
• tracepoint: Mark __tracepoint_string's __used (git-fixes).
• tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes).
• ubsan: check panic_on_warn (bsc#1174805).
• uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762).
• update upstream reference
• usb: bdc: Halt controller on suspend (git-fixes).
• usb: core: fix quirks_param_set() writing to a const pointer (git-fixes).
• usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes).
• usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes).
• usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes).
• usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes).
• usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
• usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
• usb: hso: check for return value in hso_serial_common_create() (git-fixes).
• usb: hso: Fix debug compile warning on sparc32 (git-fixes).
• usb: iowarrior: fix up report size handling for some devices (git-fixes).
• usb: mtu3: clear dual mode of u3port when disable device (git-fixes).
• usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes).
• usb: serial: cp210x: re-enable auto-RTS on open (git-fixes).
• usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes).
• usb: serial: qcserial: add EM7305 QDL product ID (git-fixes).
• usb: tegra: Fix allocation for the FPCI context (git-fixes).
• usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
• usb: xhci: define IDs for various ASMedia host controllers (git-fixes).
• usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes).
• usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes).
• usbip: tools: fix module name in man page (git-fixes).
• video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
• video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes).
• video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes).
• video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes).
• vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17).
• vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199).
• vt: Reject zero-sized screen buffer size (git-fixes).
• watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes).
• watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes).
• watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes).
• watchdog: initialize device before misc_register (git-fixes).
• wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
• wireless: Use offsetof instead of custom macro (git-fixes).
• wl1251: fix always return 0 error (git-fixes).
• x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes).
• xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600).
• xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).
• xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645).
• xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes).
• xfs: fix inode allocation block res calculation precedence (git-fixes).
• xfs: fix reflink quota reservation accounting error (git-fixes).
• xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes).

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bug was fixed:

• CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

This update for openldap2 fixes the following issues:

• bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125.

This update for libxml2 fixes the following issues:

• CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).

SUSE-IU-2020:90-1

This update for gpg2 fixes the following security issue:

• CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745).

This update for perl fixes the following issues:

• CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)

This update for timezone provides the following fixes:

• North Korea switches back from +0830 to +09 on 2018-05-05.
• Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
• yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

This update for bind provides the following fix:

• Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. (bsc#965748)
• Add SPF records in dnszone-schema file. (bsc#901577)

This update for mozilla-nss provides the following fixes:

• Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515)
• Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error.
• Fix a rare bug with PKCS#12 files.
• Use relro linker option.

This update for glibc fixes the following security issues:

• CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150).
• CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161).
• CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154).

This update for e2fsprogs fixes the following issues:
Security issues fixed:

• CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
• CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).

• bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
• bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
• bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.

This update for systemd provides the following fixes:

• systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973)
• systemctl: Check the existence of all units, not just the first one.
• scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099)
• device: Make sure to always retroactively start device dependencies. (bsc#1088052)
• locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files.
• Fix pattern to detect distribution.
• install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851)
• install: Search for preset files in /run (#7715)
• install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851)
• install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement.
• install: Only consider names in Alias= as 'enabling'.
• udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158)
• man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265)
• fileio: Support writing atomic files with timestamp.
• fileio.c: Fix incorrect mtime
• Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569)
• An update broke booting with encrypted partitions on NVMe (bsc#1095096)

This update for cups fixes the following issues:
The following security vulnerabilities were fixed:

• Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
• CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
• CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
• CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
• CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

This update for growpart provides the following fix:

• Support btrfs resize and handle ro setup in rootgrow. (bsc#1097455, bsc#1098681)

This update for libtirpc fixes the following issues:

• rpcinfo: send RPC getport call as specified via parameter (bsc#1072183)

This update for xfsprogs fixes the following issues:

• avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777)
• repair: shift inode back into place if corrupted by bad log replay (bsc#1105396).

This update for docker fixes the following issues:

• Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727)
• Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277)
• Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877)
• Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609)

This update for zlib provides the following fixes:

• Speedup zlib on power8. (fate#325307)
• Add safeguard against negative values in uInt. (bsc#1071321)

This update for openldap2 provides the following fix:

• Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640)

This update for sudo fixes the following issues:

• fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643)

This update for ca-certificates fixes the following issues:

• Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470)

This update for python3 fixes the following issues:

• Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030)

This update for bash provides the following fixes:

• Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661)
• Make the generation of bash.html reproducible. (bsc#1100488)
• Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670)
• Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes.
• Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler.
• Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence.
• Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit.

This update for libxml2 fixes the following security issues:

• CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
• CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166)
• CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

This update for fuse fixes the following issues:

• CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)

This update for logrotate provides the following fix:

• Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617)

This update for aaa_base provides the following fixes:

• Let bash.bashrc work even for (m)ksh. (bsc#1104531)
• Fix an error at login if java system directory is empty. (bsc#1102310)

This update for gettext-runtime provides the following fix:

• Reset the length of message string after a line has been removed to fix a crash in msgfmt when writing java source code and the .po file has a POT-Creation-Date header. (bsc#1106843)

This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:

• Volgograd moves from +03 to +04 on 2018-10-28.
• Fiji ends DST 2019-01-13, not 2019-01-20.
• Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
• Corrections to past timestamps of DST transitions
• Use 'PST' and 'PDT' for Philippine time
• minor code changes to zic handling of the TZif format
• documentation updates

• Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

This update for kmod provides the following fixes:

• Allow 'modprobe -c' print the status of 'allow_unsupported_modules' option. (bsc#1112928)

This update for xfsprogs fixes the following issues:

• Explictly disable systemd unit files for scrub (bsc#1105068).

This update for glibc fixes the following issues:

• Fix build on aarch64 with binutils newer than 2.30.
• Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526)

This update provides the latest time zone definitions (2018g), including the following change:

• Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

This update for pam fixes the following issues:

• Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

This update for systemd fixes the following issues:
Security issues fixed:

• CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632)
• CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665)

• dhcp6: split assert_return() to be more debuggable when hit
• core: skip unit deserialization and move to the next one when unit_deserialize() fails
• core: properly handle deserialization of unknown unit types (#6476)
• core: don't create Requires for workdir if 'missing ok' (bsc#1113083)
• logind: use manager_get_user_by_pid() where appropriate
• logind: rework manager_get_{user|session}_by_pid() a bit
• login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024)
• core: be more defensive if we can't determine per-connection socket peer (#7329)
• core: introduce systemd.early_core_pattern= kernel cmdline option
• core: add missing 'continue' statement
• core/mount: fstype may be NULL
• journald: don't ship systemd-journald-audit.socket (bsc#1109252)
• core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445)
• mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
• detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
• emergency: make sure console password agents don't interfere with the emergency shell
• man: document that 'nofail' also has an effect on ordering
• journald: take leading spaces into account in syslog_parse_identifier
• journal: do not remove multiple spaces after identifier in syslog message
• syslog: fix segfault in syslog_parse_priority()
• journal: fix syslog_parse_identifier()
• install: drop left-over debug message (#6913)
• Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool.
• Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761)
• man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
• systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908)
• core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944)
• Enable or disable machines.target according to the presets (bsc#1107941)
• cryptsetup: add support for sector-size= option (fate#325697)
• nspawn: always use permission mode 555 for /sys (bsc#1107640)
• Bugfix for a race condition between daemon-reload and other commands (bsc#1105031)
• Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677)
• Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901)
• Does no longer adjust qgroups on existing subvolumes (bsc#1093753)
• cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135)

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html

This update for libxkbcommon to version 0.8.2 fixes the following issues:

• Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser.
• CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832).
• CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832).
• CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832).
• CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832).
• CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832).
• CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832).
• CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832).
• CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832).
• CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832).
• CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832).
• CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832).

This update for nfsidmap fixes the following issues:

• Improve support for SAMBA with Active Directory. (bsc#1098217)

This update for rpcbind fixes the following issues:

• Fix tool stack buffer overflow aborting (bsc#969953)

This update for pam fixes the following issue:
Security issue fixed:

• CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

This update for ncurses fixes the following issues:
Security issue fixed:

• CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

• Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

This update for cups fixes the following issues:
Security issue fixed:

• CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).

This update for tcpdump fixes the following issues:
Security issues fixed:

• CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267)

This update for perl fixes the following issues:
Secuirty issues fixed:

• CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
• CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675).
• CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681).
• CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686).

This update for libnettle fixes the following issues:
Security issues fixed:

• CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086)

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:

• Update to Firefox ESR 60.4 (bsc#1119105)
• CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
• CVE-2018-18492: Fixed a use-after-free with select element
• CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
• CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
• CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
• CVE-2018-12405: Fixed a few memory safety bugs

• Update to NSS 3.40.1 (bsc#1119105)
• CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
• CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
• CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
• Fixed a decryption failure during FFDHE key exchange
• Various security fixes in the ASN.1 code

• Update mozilla-nspr to 4.20 (bsc#1119105)

This update for containerd, docker and go fixes the following issues:
containerd and docker:

• Add backport for building containerd (bsc#1102522, bsc#1113313)
• Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522)
• Enable seccomp support on SLE12 (fate#325877)
• Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522)
• Put containerd under the podruntime slice (bsc#1086185)
• 3rd party registries used the default Docker certificate (bsc#1084533)
• Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem.

• golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
• Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634)
• Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706)

This update for gpg2 fixes the following issue:
Security issue fixed:

• CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

This update for acl fixes the following issues:

• test: Add helper library to fake passwd/group files.
• quote: Escape literal backslashes. (bsc#953659)

This update for xfsprogs fixes the following issues:

• Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063)

This update for suse-build-key fixes the following issues:

• Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232)

This update for mozilla-nss fixes the following issues:

• The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207)
• Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045)

This update for wget fixes the following issues:
Security issue fixed:

• CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)

This update for timezone fixes the following issues:

• Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
• Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090

This update for chrony fixes the following issues:

• Generate chronyd sysconfig file. (bsc#1117147)

This update for systemd provides the following fixes:
Security issues fixed:

• CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
• CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
• CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
• Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

• pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
• systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
• systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
• Fixed installation issue with /etc/machine-id during update (bsc#1117063)
• btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
• logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
• udev: Downgrade message when settting inotify watch up fails. (bsc#1005023)
• udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)

This update for kmod fixes the following issues:

• Fixes module dependency file corruption on parallel invocation (bsc#1118629).
• Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option.

This update for python3 fixes the following issues:
Security issue fixed:

• CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
• CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)

This update for lua53 fixes the following issues:
Security issue fixed:

• CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

This update for MozillaFirefox, mozilla-nss fixes the following issues:
Security issues fixed:

• CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983).
• CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983).
• CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983).
• CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069).

• Update to MozillaFirefox ESR 60.5.0
• Update to mozilla-nss 3.41.1

This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:

• CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
• CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
• CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)

• Disable leap based builds for kubic flavor (bsc#1121412)
• Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
• Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
• Allow docker images larger then 23GB (bsc#1118990)
• Docker version update to version 18.09.0-ce (bsc#1115464)

This update for docker-runc fixes the following issues: Security issue fixed:

• CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967)

This update for itstool and python-libxml2-python fixes the following issues:
Package: itstool - Updated version to support Python3. (bnc#1111019)
Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270)

This update for systemd fixes the following issues:

• CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)

• units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
• logind: fix bad error propagation
• login: log session state 'closing' (as well as New/Removed)
• logind: fix borked r check
• login: don't remove all devices from PID1 when only one was removed
• login: we only allow opening character devices
• login: correct comment in session_device_free()
• login: remember that fds received from PID1 need to be removed eventually
• login: fix FDNAME in call to sd_pid_notify_with_fds()
• logind: fd 0 is a valid fd
• logind: rework sd_eviocrevoke()
• logind: check file is device node before using .st_rdev
• logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
• core: add a new sd_notify() message for removing fds from the FD store again
• logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
• fd-util: accept that kcmp might fail with EPERM/EACCES
• core: Fix use after free case in load_from_path() (bsc#1121563)
• core: include Found state in device dumps
• device: fix serialization and deserialization of DeviceFound
• fix path in btrfs rule (#6844)
• assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
• Update systemd-system.conf.xml (bsc#1122000)
• units: inform user that the default target is started after exiting from rescue or emergency mode
• core: free lines after reading them (bsc#1123892)
• sd-bus: if we receive an invalid dbus message, ignore and proceeed
• automount: don't pass non-blocking pipe to kernel.

This update for xkeyboard-config fixes the following issues:

• Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784)

This update for supportutils fixes the following issues:
Security issues fixed:

• CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463).
• CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460).
• CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462).
• CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776).

• Fixed invalid exit code commands (bsc#1125666).
• Included additional SUSE separation (bsc#1125609).
• Merged added listing of locked packes by zypper.
• Exclude pam.txt per GDPR by default (bsc#1112461).
• Clarified -x functionality in supportconfig(8) (bsc#1115245).
• udev service and provide the whole journal content in supportconfig (bsc#1051797).
• supportconfig collects tuned profile settings (bsc#1071545).
• sfdisk -d no disk device specified (bsc#1043311).
• Added vulnerabilites status check in basic-health.txt (bsc#1105849).
• Added only sched_domain from cpu0.
• Blacklist sched_domain from proc.txt (bsc#1046681).
• Added firewall-cmd info.
• Add ls -lA --time-style=long-iso /etc/products.d/
• Dump lsof errors.
• Added corosync status to ha_info.
• Dump find errors in ib_info.

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:

• CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
• CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
• CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
• CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).

• Update shell completion to use Group: System/Shells.
• Add daemon.json file with rotation logs configuration (bsc#1114832)
• Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
• Update go requirements to >= go1.10
• Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
• Remove the usage of 'cp -r' to reduce noise in the build logs.

This update for supportutils fixes the following issues:

• Dont show error if /proc/fb is not present (bsc#1127069)
• Fixed issue where dasdview got called with wrong arguments (bsc#1109664)
• Clarified -t argument description in help output (bsc#1121043)
• Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063)
• Collect systemd journal logs with minimum installation (bsc#1094225)
• Fixed tar file generation (bsc#1120049)

This update for bind fixes the following issues:

• Fixes dynamic DNS updates against samba and Microsoft DNS servers (bsc#1094236).

This update for file fixes the following issues:
The following security vulnerabilities were addressed:

• CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
• CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
• CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
• CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

This update for cups fixes the following issues:

• Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118)

This update for glibc provides the following fixes:

• Fix Haswell CPU string flags. (bsc#1114984)
• Fix waiters-after-spinning case. (bsc#1114993)
• Do not relocate absolute symbols. (bsc#1112570)
• Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551)
• Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)
• Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)

This update for cyrus-sasl provides the following fix:

• Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'. By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840)

This update for glibc fixes the following issues:

• Add MAP_SYNC from Linux 4.15 (bsc#1126590)
• Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590)
• nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)

This update for aaa_base fixes the following issues:

• Restore old position of ssh/sudo source of profile (bsc#1118364).
• Update logic for JRE_HOME env variable (bsc#1128246)

This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:

• CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

This update for timezone fixes the following issues:
timezone was updated 2019a:

• Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
• Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
• Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
• zic now has an -r option to limit the time range of output data

This update for libnettle to version 3.4.1 fixes the following issues:
Issues addressed and new features:

• Updated to 3.4.1 (fate#327114 and bsc#1129598)
• Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv.
• Fixed a link error on the pss-mgf1-test which was affecting builds without public key support.
• All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption.
• Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended.

This update for libtirpc fixes the following issues:

• Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096).
• add an option to enforce connection via protocol version 2 first (bsc#1120689).

This update for glibc fixes the following issues:
Security issue fixed:

• CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

• Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045).
• Added new Japanese Era name support (bsc#1100396).

This update for chrony fixes the following issues:

• Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914).

This update for wget fixes the following issues:
Security issue fixed:

• CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493).

This update for tar fixes the following issues:
Security issues fixed:

• CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
• CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

This update for python-rpm-macros fixes the following issues:
The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323)

• Add missing $ expansion on the pytest call
• Rewrite pytest and pytest_arch into Lua macros with multiple arguments.
• We should preserve existing PYTHONPATH.
• Add --ignore to pytest calls to ignore build directories.
• Actually make pytest into function to capture arguments as well
• Add pytest definitions.
• Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.
• Fix an issue with epoch printing having too many \
• add epoch while printing 'Provides:'

This update for python3 fixes the following issues:
Security issue fixed:

• CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).

This update for zlib fixes the following issues:

• Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

This update for docker-runc fixes the following issues:

• Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553

This update for samba fixes the following issues:
Security issue fixed:

• CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

• Out of bound read in ldb_wildcard_compare
• Hold at most 10 outstanding paged result cookies
• Put 'results_store' into a doubly linked list
• Refuse to build Samba against a newer minor version of ldb

• Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
• Abide to the load_printers parameter in smb.conf (bsc#1124223).
• Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.

This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:

• CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
• CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

This update for python-Jinja2 to version 2.10.1 fixes the following issues:
Security issues fixed:

• CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815).
• CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323).

This update for sg3_utils fixes the following issues:

• Update to version 1.44~763+19.1ed0757: * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) * Changed versioning scheme (svn r763, pre-release of upstream 1.44, plus 16 SUSE patches, SUSE git commit b2fedfa) * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418)
• Spec file: add fc_wwpn_id to generate by-path links for fibrechannel (bsc#1005063)

This update for bzip2 fixes the following issues:
Security issue fixed:

• CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).

This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:

• CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
• CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
• CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
• CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
• CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).

• Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
• Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
• Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
• docker-test: Improvements to test packaging (bsc#1128746).
• Move daemon.json file to /etc/docker directory (bsc#1114832).
• Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
• Fix go build failures (bsc#1121397).

This update for aaa_base fixes the following issue:
* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

This update for python3 to version 3.6.8 fixes the following issues:
Security issue fixed:

• CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

• Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).

This update for systemd fixes the following issues:
Security issues fixed:

• CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
• CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
• CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

• logind: fix killing of scopes (bsc#1125604)
• namespace: make MountFlags=shared work again (bsc#1124122)
• rules: load drivers only on 'add' events (bsc#1126056)
• sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
• systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
• udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
• sd-bus: bump message queue size again (bsc#1132721)
• Do not automatically online memory on s390x (bsc#1127557)
• Removed sg.conf (bsc#1036463)

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

• CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

This update for libtasn1 fixes the following issues:
Security issue fixed:

• CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

This update for supportutils fixes the following issues:

• Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599)

• Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967)

This update for libpng16 fixes the following issues:
Security issues fixed:

• CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211).
• CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687)

This update for bind fixes the following issues:
Security issues fixed:

• CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).
• CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).
• CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).
• CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).

This update for vim fixes the following issue:
Security issue fixed:

• CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).

This update for e2fsprogs fixes the following issues:

• Check and fix tails of all bitmap blocks (bsc#1128383)

This update for elfutils fixes the following issues:
Security issues fixed:

• CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
• CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
• CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
• CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
• CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
• CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
• CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
• CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
• CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
• CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
• CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
• CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
• CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
• CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
• CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

This update for python-requests to version 2.20.1 fixes the following issues:
Security issue fixed:

• CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

This update for libidn fixes the following issue:

• The missing libidn11-32bit compat library package was provided. (bsc#1132869)

This update for docker fixes the following issues:
Security issue fixed:

• CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).

This update for dbus-1 fixes the following issues:
Security issue fixed:

• CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

This update for rpcbind fixes the following issues:

• Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659)
• Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update.

This update for xfsprogs fixes the following issues:

• xfs_repair: will now allow '/' in attribute names (bsc#1122271)
• xfs_repair: will now allow zeroing of corrupt log (bsc#1073421)
• enabdled offline (unmounted) filesystem geometry queries (bsc#1129859)

This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

This update for krb5 provides the following fix:

• Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217)

This update for libssh fixes the following issue:
Issue addressed:

• Added support for new AES-GCM encryption types (bsc#1134193).

This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:

• CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627)
• CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623)
• CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622)
• CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620)
• CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617)
• CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611)

• CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532)
• CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530)

• CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
• CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441)
• CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
• CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
• CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440)
• CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437)

• Multiple vulnerabilities in RubyGems were fixed:

• Fixed Net::POPMail methods modify frozen literal when using default arg
• ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
• build with PIE support (bsc#1130028)

• Add a new helper for bundled ruby gems.

This update for libgcrypt fixes the following issues:

• Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808

This update for timezone fixes the following issues:

• Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation.

This update for expat fixes the following issues:
Security issue fixed:

• CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937).

This update for bzip2 fixes the following issues:
Security issue fixed:

• CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).

This update for systemd fixes the following issues:

• conf-parse: remove 4K line length limit (bsc#1137053)
• udevd: change the default value of udev.children-max (again) (bsc#1107617)
• meson: stop creating enablement symlinks in /etc during installation (sequel)
• Fixed build for openSUSE Leap 15+
• Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake.

This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:

• CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
• CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
• CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
• CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
• CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
• CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
• CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
• CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
• CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
• CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).

• Added IPSEC IKE support to softoken
• Many new FIPS test cases

This update for glibc fixes the following issues:
Security issues fixed:

• CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
• CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

• Does no longer compress debug sections in crt*.o files (bsc#1123710)
• Fixes a concurrency problem in ldconfig (bsc#1117993)
• Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

This update for libgcrypt fixes the following issues:
Security issue fixed:

• CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).

This update for libxml2 fixes the following issues:

• Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)

This update for docker fixes the following issues:

• Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920)

This update for bzip2 fixes the following issues:

• Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).

This update for cloud-init fixes the following issues:

• Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692)
• Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950)
• Improved the writing of route config files to avoid issues (bsc#1125992)
• Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440)
• Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878)
• Added a fix to prevent the resolv.conf to be empty (bsc#1119397)
• Uses now the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101)
• Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694)

This update for gpg2 fixes the following issues:
Security issue fixed:

• CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093).

• Allow coredumps in X11 desktop sessions (bsc#1124847)

This update for python3 fixes the following issues:
Security issue fixed:

• CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).
• CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853).

• Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814).

This update for tcpdump fixes the following issues:
Security issues fixed:

• CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439).
• CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716).

This update for docker-img-store-setup fixes the following issues:

• Support creation of the container storage filesystem with XFS to use the overlay fs driver. (bsc#1138201)

This update for libgcrypt fixes the following issues:

• Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073).

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Docker:

• CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409).
• CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160).
• Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649).

• Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920).
• Update to runc 425e105d5a03, which is required by Docker (bsc#1139649).

• CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967).
• Update to containerd v1.2.6, which is required by docker (bsc#1139649).

• Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649).

This update for zlib fixes the following issues:

• Update the s390 patchset. (bsc#1137624)
• Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
• Use FAT LTO objects in order to provide proper static library.
• Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
• Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.45 (bsc#1141322) :

• New function in pk11pub.h: PK11_FindRawCertsWithSubject
• The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
• Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
• Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
• Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
• Add IPSEC IKE support to softoken (bmo#1546229)
• Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
• Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
• Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

• Changed prbit.h to use builtin function on aarch64.
• Removed Gonk/B2G references.

This update for aaa_base fixes the following issues:

• Make systemd detection cgroup oblivious. (bsc#1140647)

This update for pinentry fixes the following issues:

• Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

This update for parted fixes the following issues:

• Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245)
• Installs the license file in the correct directory (bsc#1082318)

This update for util-linux and shadow fixes the following issues:
util-linux:

• Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197)
• Prevent outdated pam files (bsc#1082293).
• De-duplicate fstrim -A properly (bsc#1127701).
• Do not trim read-only volumes (bsc#1106214).
• Integrate pam_keyinit pam module to login (bsc#1081947).
• Perform one-time reset of /etc/default/su (bsc#1121197).
• Fix problems in reading of login.defs values (bsc#1121197)
• libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
• raw.service: Add RemainAfterExit=yes (bsc#1135534).
• agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
• libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
• Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).

• Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197)
• Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
• Hardening for su wrappers (bsc#353876)

This update for python-urllib3 fixes the following issues:
Security issues fixed:

• CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
• CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900).
• CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

This update for lmdb fixes the following issues:

• Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132).

This update for krb5 contains the following fixes:

• Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947)

This update for openldap2 fixes the following issues:
Security issue fixed:

• CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
• CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
• CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

• Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
• Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
• Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).

This update for python-urllib3 fixes the following issues:

• Add missing dependency on python-six (bsc#1150895)

This update for aaa_base fixes the following issues:
Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)
Following settings have been tightened (and set to 0):

• net.ipv4.conf.all.accept_redirects
• net.ipv4.conf.default.accept_redirects
• net.ipv4.conf.default.accept_source_route
• net.ipv6.conf.all.accept_redirects
• net.ipv6.conf.default.accept_redirects

This update for expat fixes the following issues:
Security issues fixed:

• CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)

This update for cloud-init provides the following fixes:

• Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969)
• The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363)
• If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881)

This update for libseccomp fixes the following issues:
Security issues fixed:

• CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828)

• Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks.

• Update the syscall table for Linux v5.0-rc5
• Added support for the SCMP_ACT_KILL_PROCESS action
• Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
• Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
• Added support for the parisc and parisc64 architectures
• Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
• Return -EDOM on an endian mismatch when adding an architecture to a filter
• Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
• Fix PFC generation when a syscall is prioritized, but no rule exists
• Numerous fixes to the seccomp-bpf filter generation code
• Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
• Numerous tests added to the included test suite, coverage now at ~92%
• Update our Travis CI configuration to use Ubuntu 16.04
• Numerous documentation fixes and updates

• Updated the syscall table for Linux v4.15-rc7

This update for sqlite3 fixes the following issues:
Security issue fixed:

• CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

This update for bind fixes the following issues:
Security issue fixed:

• CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)

• bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368)

This update for sudo fixes the following issue:

• CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674).

This update for dhcp fixes the following issues:
Secuirty issue fixed:

• CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078).

• Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524).
• Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572).

This update for libpcap fixes the following issues:

• CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332).
• CVE-2018-16301: Fixed a buffer overflow (bsc#1153332).

This update for tcpdump fixes the following issues:

• CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).
• CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).
• CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).
• CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).
• CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).
• CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).
• CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).
• CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).
• CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).
• CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).
• CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).
• CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).
• CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).
• CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).
• CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).
• CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).
• CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).
• CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).
• CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).
• CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).
• CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).
• CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).
• CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
• CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098).
• CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).
• CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).
• CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).

This update for e2fsprogs fixes the following issues:
Security issue fixed:

• CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101)

• libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716)

This update for libdb-4_8 fixes the following issues:

• Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244)

This update for rpcbind fixes the following issues:

• Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343)

This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840)

This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:

• CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
• CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
• CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
• CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
• CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

• Fix CPU summary showing old data. (bsc#1121753)

• library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
• library: Just check for SIGLOST and don't delete it
• library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
• library: Use size_t for alloc functions CVE-2018-1126
• library: Increase comm size to 64
• pgrep: Fix stack-based buffer overflow CVE-2018-1125
• pgrep: Remove >15 warning as comm can be longer
• ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
• ps: Increase command name selection field to 64
• top: Don't use cwd for location of config CVE-2018-1122
• update translations
• library: build on non-glibc systems
• free: fix scaling on 32-bit systems
• Revert 'Support running with child namespaces'
• library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
• doc: Document I idle state in ps.1 and top.1
• free: fix some of the SI multiples
• kill: -l space between name parses correctly
• library: dont use vm_min_free on non Linux
• library: don't strip off wchan prefixes (ps & top)
• pgrep: warn about 15+ char name only if -f not used
• pgrep/pkill: only match in same namespace by default
• pidof: specify separator between pids
• pkill: Return 0 only if we can kill process
• pmap: fix duplicate output line under '-x' option
• ps: avoid eip/esp address truncations
• ps: recognizes SCHED_DEADLINE as valid CPU scheduler
• ps: display NUMA node under which a thread ran
• ps: Add seconds display for cputime and time
• ps: Add LUID field
• sysctl: Permit empty string for value
• sysctl: Don't segv when file not available
• sysctl: Read and write large buffers
• top: add config file support for XDG specification
• top: eliminated minor libnuma memory leak
• top: show fewer memory decimal places (configurable)
• top: provide command line switch for memory scaling
• top: provide command line switch for CPU States
• top: provides more accurate cpu usage at startup
• top: display NUMA node under which a thread ran
• top: fix argument parsing quirk resulting in SEGV
• top: delay interval accepts non-locale radix point
• top: address a wishlist man page NLS suggestion
• top: fix potential distortion in 'Mem' graph display
• top: provide proper multi-byte string handling
• top: startup defaults are fully customizable
• watch: define HOST_NAME_MAX where not defined
• vmstat: Fix alignment for disk partition format
• watch: Support ANSI 39,49 reset sequences

This update for lz4 fixes the following issues:

• CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).

This update for timezone fixes the following issues:

• Fiji observes DST from 2019-11-10 to 2020-01-12.
• Norfolk Island starts observing Australian-style DST.

This update for fipscheck fixes the following issues:

• Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792)

This update for nfs-utils fixes the following issues:

• CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733)

This update for docker-runc fixes the following issues:

• CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

This update for python3 to 3.6.9 fixes the following issues:
Security issues fixed:

• CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
• CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).

• Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490)
• Improved locale handling by implementing PEP 538.

This update for systemd provides the following fixes:

• Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459)
• man: Add a note about _netdev usage.
• units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target.
• units: Add [Install] section to remote-cryptsetup.target.
• cryptsetup: Ignore _netdev, since it is used in generator.
• cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687)
• cryptsetup-generator: Add a helper utility to create symlinks.
• units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target.
• man: Add an explicit description of _netdev to systemd.mount(5).
• man: Order fields alphabetically in crypttab(5).
• man: Make crypttab(5) a bit easier to read.
• units: Order cryptsetup-pre.target before cryptsetup.target.
• Fix reporting of enabled-runtime units.
• sd-bus: Deal with cookie overruns. (bsc#1150595)
• rules: Add by-id symlinks for persistent memory. (bsc#1140631)
• Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023)

This update for aaa_base provides the following fixes:

• Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869)
• Add s390x compressed kernel support. (bsc#1151023)
• service: Check if there is a second argument before using it. (bsc#1051143)

This update for python-ecdsa to version 0.13.3 fixes the following issues:
Security issues fixed:

• CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
• CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).

This update for bash fixes the following issues:

• Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
• Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773)

This update for supportutils fixes the following issues:

• Removed LPM/DLPAR data for POWER. (bsc#1111029)
• Prevent running 'systool -vb memory' by default on systems with 16TB or more. (bsc#1127734)
• Added sed and gawk to spec requirements (bsc#1137336)

This update for ncurses fixes the following issues:
Security issues fixed:

• CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
• CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

• Removed screen.xterm from terminfo database (bsc#1103320).

This update for xkeyboard-config fixes the following issues:

• Fix capslock in Old Hungarian layout (bsc#1153774)

This update for cups fixes the following issues:

• CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358).
• CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359).

This update for cpio fixes the following issues:

• CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199).

This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

• CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
• CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

• Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
• Fixed miscompilation for vector shift on s390. (bsc#1141897)

This update for gpg2 provides the following fix:

• Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755)

This update for libidn2 to version 2.2.0 fixes the following issues:

• CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
• CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past.

This update for cloud-init to version 19.2 fixes the following issues:
Security issue fixed:

• CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124).

• Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988).
• If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488).

This update for e2fsprogs fixes the following issues:

• Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295)

This update for aaa_base fixes the following issues:

• Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
• Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
• Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)

This update for growpart, growpart-rootgrow contains the following fixes:
growpart:

• Removed rootgrow sub-package as it is a standalone package now. (bsc#1154357, jsc#ECO-550)

• Added growpart-rootgrow as a standalone package. (bsc#1154357, jsc#ECO-550)
• Bump from version 1.0.0 to 1.0.1: - Fixed binary location in service unit file.

This update for ca-certificates-mozilla, p11-kit fixes the following issues:
Changes in ca-certificates-mozilla:

• export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871).

• support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871)

This update for libssh fixes the following issues:

• CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).

This update for libgcrypt fixes the following issues:
Security issues fixed:

• CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).

• Added CMAC AES self test (bsc#1155339).
• Added CMAC TDES self test missing (bsc#1155338).
• Fix test dsa-rfc6979 in FIPS mode.

This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.47.1:
Security issues fixed:

• CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
• CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
• CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).

• Whitespace in C files was cleaned up and no longer uses tab characters for indenting.

This update for xfsprogs fixes the following issues:

• Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues:
Security issue fixed:

• CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308).

• Update to Docker 19.03.5-ce (bsc#1158590).
• Update to Docker 19.03.3-ce (bsc#1153367).
• Update to Docker 19.03.2-ce (bsc#1150397).
• Fixed default installation such that --userns-remap=default works properly (bsc#1143349).
• Fixed nginx blocked by apparmor (bsc#1122469).

This update for python3 to version 3.6.10 fixes the following issues:

• CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
• CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
• CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

This update for python-jsonpatch fixes the following issues:

• Drop jsondiff binary to avoid conflict with python-jsondiff package.

This update for libssh fixes the following issues:

• CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).

This update for procps fixes the following issues:

• Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

This update for cloud-init fixes the following issues:

• Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133)
• Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139)
• The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376)
• Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file.

This update for aaa_base fixes the following issues:

• Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
• Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

This update for glibc fixes the following issues:
Security issue fixed:

• CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).

• Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893).
• Fixed Hardware support in toolchain (bsc#1151582).
• Fixed syscalls during early process initialization (SLE-8348).
• Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
• Moved to posix_spawn on popen (bsc#1149332).

This update for e2fsprogs fixes the following issues:

• CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

This update for p11-kit fixes the following issues:

• Also build documentation (bsc#1013125)

This update for dmidecode fixes the following issues:

• Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875)
• Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64).
• Fix formatting of TPM table output (missing newlines).
• Fix displaying system slot information for PCIe SSD.

This update for systemd fixes the following issues:

• CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.

• Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)

• libblkid: open device in nonblock mode. (bsc#1084671)
• udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
• bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)
• fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)
• fileio: initialize errno to zero before we do fread()
• fileio: try to read one byte too much in read_full_stream()
• logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)
• logind: never elect a session that is stopping as display

• journal: include kmsg lines from the systemd process which exec()d us (#8078)
• udevd: don't use monitor after manager_exit()
• udevd: capitalize log messages in on_sigchld()
• udevd: merge conditions to decrease indentation
• Revert 'udevd: fix crash when workers time out after exit is signal caught'
• core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)
• udevd: fix crash when workers time out after exit is signal caught
• udevd: wait for workers to finish when exiting (bsc#1106383)

• Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457)

• networkd: VXLan Make group and remote variable separate (bsc#1156213)
• networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)
• fs-util: let's avoid unnecessary strerror()
• fs-util: introduce inotify_add_watch_and_warn() helper
• ask-password: improve log message when inotify limit is reached (bsc#1155574)
• shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)
• man: alias names can't be used with enable command (bsc#1151377)

• Add boot option to not use swap at system start (jsc#SLE-7689)

• Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920)

This update for openldap2 provides the following fix:

• Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)

This update for python-rpm-macros fixes the following issues:

• Add macros related to the Python dist metadata dependency generator. (bsc#1161770)

This update for lmdb fixes the following issues:

• Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086).

This update for docker-runc fixes the following issues:

• CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452).

This update for sudo fixes the following issues:
Security issue fixed:

• CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202).

• Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675).

This update for chrony fixes the following issues:

• Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840).

This update for libgcrypt fixes the following issues:

• ECDSA: Check range of coordinates (bsc#1161216)
• FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
• FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
• FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
• FIPS: keywrap gives incorrect results [bsc#1161218]
• FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]

This update for xfsprogs fixes the following issues:

• Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630)
• Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509)
• Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504)
• Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758)

This update for python3 fixes the following issues:
Security issues fixed:

• CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
• CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367).

• If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).

This update for perl fixes the following issues:

• Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039)

This update for aaa_base fixes the following issues:

• Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735)

This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues:
python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507):
Upgrade to 1.11.0:
* Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation
Upgrade to 1.10.0:
* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications
python-cfn-lint was added in version 0.21.4:

• Add upstream patch to fix EOL dates for lambda runtimes
• Add upstream patch to fix test_config_expand_paths test

• Rename to python-cfn-lint. This package has a python API, which is required by python-moto.