----------------------------------------- Version 1.0.0-OpenStack-Build1.2 2020-06-24T19:26:28 ----------------------------------------- Patch: SUSE-2018-1223 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). ----------------------------------------- Patch: SUSE-2018-1327 Released: Tue Jul 17 08:07:24 2018 Summary: Security update for perl Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) ----------------------------------------- Patch: SUSE-2018-1332 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------- Patch: SUSE-2018-1333 Released: Tue Jul 17 09:03:21 2018 Summary: Recommended update for bind Severity: moderate References: 901577,965748 Description: This update for bind provides the following fix: - Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. (bsc#965748) - Add SPF records in dnszone-schema file. (bsc#901577) ----------------------------------------- Patch: SUSE-2018-1334 Released: Tue Jul 17 09:06:41 2018 Summary: Recommended update for mozilla-nss Severity: moderate References: 1096515 Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. ----------------------------------------- Patch: SUSE-2018-1346 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------- Patch: SUSE-2018-1353 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------- Patch: SUSE-2018-1362 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------- Patch: SUSE-2018-1409 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------- Patch: SUSE-2018-1754 Released: Fri Aug 24 16:40:21 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1104780 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to the 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) - removed server auth rights from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - new CA added: - GlobalSign ----------------------------------------- Patch: SUSE-2018-1756 Released: Fri Aug 24 17:12:55 2018 Summary: Recommended update for growpart Severity: moderate References: 1097455,1098681 Description: This update for growpart provides the following fix: - Support btrfs resize and handle ro setup in rootgrow. (bsc#1097455, bsc#1098681) ----------------------------------------- Patch: SUSE-2018-1760 Released: Fri Aug 24 17:14:53 2018 Summary: Recommended update for libtirpc Severity: moderate References: 1072183 Description: This update for libtirpc fixes the following issues: - rpcinfo: send RPC getport call as specified via parameter (bsc#1072183) ----------------------------------------- Patch: SUSE-2018-1775 Released: Tue Aug 28 12:40:50 2018 Summary: Recommended update for xfsprogs Severity: important References: 1089777,1105396 Description: This update for xfsprogs fixes the following issues: - avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777) - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). ----------------------------------------- Patch: SUSE-2018-1804 Released: Fri Aug 31 13:02:24 2018 Summary: Recommended update for docker Severity: moderate References: 1065609,1073877,1099277,1100727 Description: This update for docker fixes the following issues: - Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727) - Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277) - Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877) - Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609) ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2055 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------- Patch: SUSE-2018-2138 Released: Thu Oct 4 15:52:15 2018 Summary: Recommended update for sudo Severity: low References: 1097643 Description: This update for sudo fixes the following issues: - fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643) ----------------------------------------- Patch: SUSE-2018-2155 Released: Fri Oct 5 14:41:17 2018 Summary: Recommended update for ca-certificates Severity: moderate References: 1101470 Description: This update for ca-certificates fixes the following issues: - Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2170 Released: Mon Oct 8 10:31:14 2018 Summary: Recommended update for python3 Severity: moderate References: 1107030 Description: This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030) ----------------------------------------- Patch: SUSE-2018-2177 Released: Tue Oct 9 09:00:13 2018 Summary: Recommended update for bash Severity: moderate References: 1095661,1095670,1100488 Description: This update for bash provides the following fixes: - Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661) - Make the generation of bash.html reproducible. (bsc#1100488) - Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670) - Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes. - Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler. - Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence. - Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit. ----------------------------------------- Patch: SUSE-2018-2182 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------- Patch: SUSE-2018-2340 Released: Fri Oct 19 16:05:53 2018 Summary: Security update for fuse Severity: moderate References: 1101797,CVE-2018-10906 Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) ----------------------------------------- Patch: SUSE-2018-2346 Released: Mon Oct 22 09:40:46 2018 Summary: Recommended update for logrotate Severity: moderate References: 1093617 Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) ----------------------------------------- Patch: SUSE-2018-2370 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Severity: moderate References: 1102310,1104531 Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------- Patch: SUSE-2018-2412 Released: Tue Oct 23 17:28:04 2018 Summary: Recommended update for gettext-runtime Severity: moderate References: 1106843 Description: This update for gettext-runtime provides the following fix: - Reset the length of message string after a line has been removed to fix a crash in msgfmt when writing java source code and the .po file has a POT-Creation-Date header. (bsc#1106843) ----------------------------------------- Patch: SUSE-2018-2463 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1112310 Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------- Patch: SUSE-2018-2485 Released: Fri Oct 26 12:38:01 2018 Summary: Recommended update for kmod Severity: moderate References: 1112928 Description: This update for kmod provides the following fixes: - Allow 'modprobe -c' print the status of 'allow_unsupported_modules' option. (bsc#1112928) ----------------------------------------- Patch: SUSE-2018-2486 Released: Fri Oct 26 12:38:27 2018 Summary: Recommended update for xfsprogs Severity: moderate References: 1105068 Description: This update for xfsprogs fixes the following issues: - Explictly disable systemd unit files for scrub (bsc#1105068). ----------------------------------------- Patch: SUSE-2018-2487 Released: Fri Oct 26 12:39:07 2018 Summary: Recommended update for glibc Severity: moderate References: 1102526 Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) ----------------------------------------- Patch: SUSE-2018-2550 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1113554 Description: This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2595 Released: Wed Nov 7 11:14:42 2018 Summary: Security update for systemd Severity: important References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - core: introduce systemd.early_core_pattern= kernel cmdline option - core: add missing 'continue' statement - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197) - emergency: make sure console password agents don't interfere with the emergency shell - man: document that 'nofail' also has an effect on ordering - journald: take leading spaces into account in syslog_parse_identifier - journal: do not remove multiple spaces after identifier in syslog message - syslog: fix segfault in syslog_parse_priority() - journal: fix syslog_parse_identifier() - install: drop left-over debug message (#6913) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908) - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944) - Enable or disable machines.target according to the presets (bsc#1107941) - cryptsetup: add support for sector-size= option (fate#325697) - nspawn: always use permission mode 555 for /sys (bsc#1107640) - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031) - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677) - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901) - Does no longer adjust qgroups on existing subvolumes (bsc#1093753) - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2620 Released: Thu Nov 8 17:57:34 2018 Summary: Security update for libxkbcommon Severity: low References: 1105832,CVE-2018-15853,CVE-2018-15854,CVE-2018-15855,CVE-2018-15856,CVE-2018-15857,CVE-2018-15858,CVE-2018-15859,CVE-2018-15861,CVE-2018-15862,CVE-2018-15863,CVE-2018-15864 Description: This update for libxkbcommon to version 0.8.2 fixes the following issues: - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). - CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). - CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). - CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). - CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). - CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). - CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). ----------------------------------------- Patch: SUSE-2018-2641 Released: Mon Nov 12 20:39:30 2018 Summary: Recommended update for nfsidmap Severity: moderate References: 1098217 Description: This update for nfsidmap fixes the following issues: - Improve support for SAMBA with Active Directory. (bsc#1098217) ----------------------------------------- Patch: SUSE-2018-2742 Released: Thu Nov 22 13:28:36 2018 Summary: Recommended update for rpcbind Severity: moderate References: 969953 Description: This update for rpcbind fixes the following issues: - Fix tool stack buffer overflow aborting (bsc#969953) ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2018-2945 Released: Fri Dec 14 16:43:57 2018 Summary: Security update for tcpdump Severity: moderate References: 1117267,CVE-2018-19519 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) ----------------------------------------- Patch: SUSE-2018-2984 Released: Wed Dec 19 11:32:39 2018 Summary: Security update for perl Severity: moderate References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314 Description: This update for perl fixes the following issues: Secuirty issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). ----------------------------------------- Patch: SUSE-2018-2986 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Severity: moderate References: 1118086,CVE-2018-16869 Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------- Patch: SUSE-2018-3044 Released: Fri Dec 21 18:47:21 2018 Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Severity: important References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498 Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) ----------------------------------------- Patch: SUSE-2018-3064 Released: Fri Dec 28 18:39:08 2018 Summary: Security update for containerd, docker and go Severity: important References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187 Description: This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. ----------------------------------------- Patch: SUSE-2019-23 Released: Mon Jan 7 16:30:33 2019 Summary: Security update for gpg2 Severity: moderate References: 1120346,CVE-2018-1000858 Description: This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-62 Released: Thu Jan 10 20:30:58 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1119063 Description: This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) ----------------------------------------- Patch: SUSE-2019-82 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Severity: moderate References: 1044232 Description: This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------- Patch: SUSE-2019-91 Released: Tue Jan 15 14:14:43 2019 Summary: Recommended update for mozilla-nss Severity: moderate References: 1090767,1121045,1121207 Description: This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) ----------------------------------------- Patch: SUSE-2019-93 Released: Tue Jan 15 14:48:33 2019 Summary: Security update for wget Severity: important References: 1120382,CVE-2018-20483 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) ----------------------------------------- Patch: SUSE-2019-102 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-104 Released: Tue Jan 15 18:03:13 2019 Summary: Recommended update for chrony Severity: moderate References: 1117147 Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) ----------------------------------------- Patch: SUSE-2019-137 Released: Mon Jan 21 15:52:45 2019 Summary: Security update for systemd Severity: important References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954 Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------- Patch: SUSE-2019-147 Released: Wed Jan 23 17:57:31 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1121446 Description: This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) ----------------------------------------- Patch: SUSE-2019-170 Released: Fri Jan 25 13:43:29 2019 Summary: Recommended update for kmod Severity: moderate References: 1118629 Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. ----------------------------------------- Patch: SUSE-2019-215 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-273 Released: Wed Feb 6 16:48:18 2019 Summary: Security update for MozillaFirefox Severity: important References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 ----------------------------------------- Patch: SUSE-2019-286 Released: Thu Feb 7 13:45:27 2019 Summary: Security update for docker Severity: moderate References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875 Description: This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger then 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) ----------------------------------------- Patch: SUSE-2019-362 Released: Wed Feb 13 13:31:56 2019 Summary: Security update for docker-runc Severity: important References: 1121967,CVE-2019-5736 Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) ----------------------------------------- Patch: SUSE-2019-369 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Severity: moderate References: 1065270,1111019 Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------- Patch: SUSE-2019-426 Released: Mon Feb 18 17:46:55 2019 Summary: Security update for systemd Severity: important References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454 Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing' (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. ----------------------------------------- Patch: SUSE-2019-464 Released: Fri Feb 22 09:43:52 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1123784 Description: This update for xkeyboard-config fixes the following issues: - Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784) ----------------------------------------- Patch: SUSE-2019-480 Released: Mon Feb 25 11:55:21 2019 Summary: Security update for supportutils Severity: important References: 1043311,1046681,1051797,1071545,1105849,1112461,1115245,1117776,1118460,1118462,1118463,1125609,1125666,CVE-2018-19637,CVE-2018-19638,CVE-2018-19639,CVE-2018-19640 Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilites status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. ----------------------------------------- Patch: SUSE-2019-495 Released: Tue Feb 26 16:42:35 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Severity: important References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. ----------------------------------------- Patch: SUSE-2019-565 Released: Thu Mar 7 17:46:16 2019 Summary: Recommended update for supportutils Severity: moderate References: 1094225,1109664,1120049,1121043,1127063,1127069 Description: This update for supportutils fixes the following issues: - Dont show error if /proc/fb is not present (bsc#1127069) - Fixed issue where dasdview got called with wrong arguments (bsc#1109664) - Clarified -t argument description in help output (bsc#1121043) - Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) - Collect systemd journal logs with minimum installation (bsc#1094225) - Fixed tar file generation (bsc#1120049) ----------------------------------------- Patch: SUSE-2019-570 Released: Thu Mar 7 17:50:46 2019 Summary: Recommended update for bind Severity: moderate References: 1094236 Description: This update for bind fixes the following issues: - Fixes dynamic DNS updates against samba and Microsoft DNS servers (bsc#1094236). ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-641 Released: Tue Mar 19 13:17:28 2019 Summary: Recommended update for glibc Severity: moderate References: 1112570,1114984,1114993 Description: This update for glibc provides the following fixes: - Fix Haswell CPU string flags. (bsc#1114984) - Fix waiters-after-spinning case. (bsc#1114993) - Do not relocate absolute symbols. (bsc#1112570) - Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551) - Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962) - Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) ----------------------------------------- Patch: SUSE-2019-700 Released: Thu Mar 21 19:54:00 2019 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1044840 Description: This update for cyrus-sasl provides the following fix: - Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'. By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840) ----------------------------------------- Patch: SUSE-2019-713 Released: Fri Mar 22 15:55:05 2019 Summary: Recommended update for glibc Severity: moderate References: 1063675,1126590 Description: This update for glibc fixes the following issues: - Add MAP_SYNC from Linux 4.15 (bsc#1126590) - Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153) ----------------------------------------- Patch: SUSE-2019-732 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1088524,1118364,1128246 Description: This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-790 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-791 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Severity: moderate References: 1129598 Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------- Patch: SUSE-2019-858 Released: Wed Apr 3 15:50:37 2019 Summary: Recommended update for libtirpc Severity: moderate References: 1120689,1126096 Description: This update for libtirpc fixes the following issues: - Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). - add an option to enforce connection via protocol version 2 first (bsc#1120689). ----------------------------------------- Patch: SUSE-2019-903 Released: Mon Apr 8 15:41:44 2019 Summary: Security update for glibc Severity: moderate References: 1100396,1122729,1130045,CVE-2016-10739 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729). Other issue fixed: - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045). - Added new Japanese Era name support (bsc#1100396). ----------------------------------------- Patch: SUSE-2019-909 Released: Tue Apr 9 08:04:44 2019 Summary: Recommended update for chrony Severity: moderate References: 1129914 Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). ----------------------------------------- Patch: SUSE-2019-925 Released: Wed Apr 10 16:32:50 2019 Summary: Security update for wget Severity: important References: 1131493,CVE-2019-5953 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). ----------------------------------------- Patch: SUSE-2019-926 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------- Patch: SUSE-2019-966 Released: Wed Apr 17 12:20:13 2019 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1128323 Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. * Fix an issue with epoch printing having too many \ * add epoch while printing 'Provides:' ----------------------------------------- Patch: SUSE-2019-971 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Severity: important References: 1129346,CVE-2019-9636 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1034 Released: Thu Apr 25 13:39:50 2019 Summary: Recommended update for docker-runc Severity: important References: 1131314,1131553 Description: This update for docker-runc fixes the following issues: - Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553 ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1156 Released: Mon May 6 13:46:07 2019 Summary: Security update for python-Jinja2 Severity: important References: 1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341 Description: This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). ----------------------------------------- Patch: SUSE-2019-1160 Released: Mon May 6 14:24:31 2019 Summary: Recommended update for sg3_utils Severity: moderate References: 1005063,1069384,1131482,1133418,840054 Description: This update for sg3_utils fixes the following issues: - Update to version 1.44~763+19.1ed0757: * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) * Changed versioning scheme (svn r763, pre-release of upstream 1.44, plus 16 SUSE patches, SUSE git commit b2fedfa) * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418) - Spec file: add fc_wwpn_id to generate by-path links for fibrechannel (bsc#1005063) ----------------------------------------- Patch: SUSE-2019-1206 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Severity: low References: 985657,CVE-2016-3189 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1234 Released: Tue May 14 18:31:52 2019 Summary: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Severity: important References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486 Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). ----------------------------------------- Patch: SUSE-2019-1312 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1096191 Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------- Patch: SUSE-2019-1352 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Severity: moderate References: 1130840,1133452,CVE-2019-9947 Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). ----------------------------------------- Patch: SUSE-2019-1364 Released: Tue May 28 10:51:38 2019 Summary: Security update for systemd Severity: moderate References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1383 Released: Thu May 30 08:11:26 2019 Summary: Recommended update for supportutils Severity: moderate References: 1081326,1088234,1100529,1120967,1125623,1132865,1133844,1134599 Description: This update for supportutils fixes the following issues: - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) ----------------------------------------- Patch: SUSE-2019-1398 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------- Patch: SUSE-2019-1407 Released: Mon Jun 3 13:33:51 2019 Summary: Security update for bind Severity: important References: 1104129,1126068,1126069,1133185,CVE-2018-5740,CVE-2018-5743,CVE-2018-5745,CVE-2019-6465 Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). ----------------------------------------- Patch: SUSE-2019-1457 Released: Tue Jun 11 10:09:14 2019 Summary: Security update for vim Severity: important References: 1137443,CVE-2019-12735 Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). ----------------------------------------- Patch: SUSE-2019-1484 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1128383 Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------- Patch: SUSE-2019-1486 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------- Patch: SUSE-2019-1487 Released: Thu Jun 13 09:40:56 2019 Summary: Security update for python-requests Severity: moderate References: 1111622,CVE-2018-18074 Description: This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). ----------------------------------------- Patch: SUSE-2019-1492 Released: Thu Jun 13 14:51:01 2019 Summary: Recommended update for libidn Severity: low References: 1132869 Description: This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) ----------------------------------------- Patch: SUSE-2019-1562 Released: Wed Jun 19 09:16:07 2019 Summary: Security update for docker Severity: moderate References: 1096726,CVE-2018-15664 Description: This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). ----------------------------------------- Patch: SUSE-2019-1595 Released: Fri Jun 21 10:17:44 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------- Patch: SUSE-2019-1616 Released: Fri Jun 21 11:04:39 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1134659 Description: This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. ----------------------------------------- Patch: SUSE-2019-1627 Released: Fri Jun 21 11:15:11 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1073421,1122271,1129859 Description: This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabdled offline (unmounted) filesystem geometry queries (bsc#1129859) ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1635 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Severity: moderate References: 1134217 Description: This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------- Patch: SUSE-2019-1700 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Severity: moderate References: 1134193 Description: This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------- Patch: SUSE-2019-1804 Released: Wed Jul 10 10:40:44 2019 Summary: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Severity: important References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. ----------------------------------------- Patch: SUSE-2019-1808 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Severity: moderate References: 1133808 Description: This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------- Patch: SUSE-2019-1815 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-1835 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1846 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-1853 Released: Mon Jul 15 16:03:36 2019 Summary: Recommended update for systemd Severity: moderate References: 1107617,1137053 Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. ----------------------------------------- Patch: SUSE-2019-1869 Released: Wed Jul 17 14:03:20 2019 Summary: Security update for MozillaFirefox Severity: important References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases ----------------------------------------- Patch: SUSE-2019-1877 Released: Thu Jul 18 11:31:46 2019 Summary: Security update for glibc Severity: moderate References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169 Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) ----------------------------------------- Patch: SUSE-2019-1971 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Severity: moderate References: 1138939,CVE-2019-12904 Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------- Patch: SUSE-2019-1994 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Severity: moderate References: 1135123 Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------- Patch: SUSE-2019-2001 Released: Fri Jul 26 18:09:41 2019 Summary: Recommended update for docker Severity: important References: 1138920 Description: This update for docker fixes the following issues: - Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920) ----------------------------------------- Patch: SUSE-2019-2004 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2005 Released: Mon Jul 29 13:02:15 2019 Summary: Recommended update for cloud-init Severity: moderate References: 1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440 Description: This update for cloud-init fixes the following issues: - Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692) - Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950) - Improved the writing of route config files to avoid issues (bsc#1125992) - Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440) - Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878) - Added a fix to prevent the resolv.conf to be empty (bsc#1119397) - Uses now the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101) - Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694) Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details. ----------------------------------------- Patch: SUSE-2019-2006 Released: Mon Jul 29 13:02:49 2019 Summary: Security update for gpg2 Severity: important References: 1124847,1141093,CVE-2019-13050 Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093). Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847) ----------------------------------------- Patch: SUSE-2019-2050 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). ----------------------------------------- Patch: SUSE-2019-2087 Released: Wed Aug 7 18:16:48 2019 Summary: Security update for tcpdump Severity: moderate References: 1068716,1142439,CVE-2017-16808,CVE-2019-1010220 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). ----------------------------------------- Patch: SUSE-2019-2096 Released: Fri Aug 9 06:57:23 2019 Summary: Recommended update for docker-img-store-setup Severity: moderate References: 1138201 Description: This update for docker-img-store-setup fixes the following issues: - Support creation of the container storage filesystem with XFS to use the overlay fs driver. (bsc#1138201) ----------------------------------------- Patch: SUSE-2019-2097 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Severity: important References: 1097073 Description: This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------- Patch: SUSE-2019-2117 Released: Tue Aug 13 14:56:55 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: important References: 1100331,1121967,1138920,1139649,1142160,1142413,1143409,CVE-2018-10892,CVE-2019-13509,CVE-2019-14271,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2142 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------- Patch: SUSE-2019-2188 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2241 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1144169 Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------- Patch: SUSE-2019-2306 Released: Thu Sep 5 14:39:23 2019 Summary: Recommended update for parted Severity: moderate References: 1082318,1136245 Description: This update for parted fixes the following issues: - Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245) - Installs the license file in the correct directory (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-2307 Released: Thu Sep 5 14:45:08 2019 Summary: Security update for util-linux and shadow Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876 Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) ----------------------------------------- Patch: SUSE-2019-2332 Released: Mon Sep 9 10:17:16 2019 Summary: Security update for python-urllib3 Severity: moderate References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). ----------------------------------------- Patch: SUSE-2019-2361 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------- Patch: SUSE-2019-2395 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------- Patch: SUSE-2019-2422 Released: Fri Sep 20 16:36:43 2019 Summary: Recommended update for python-urllib3 Severity: moderate References: 1150895 Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------- Patch: SUSE-2019-2423 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------- Patch: SUSE-2019-2429 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2494 Released: Mon Sep 30 16:22:20 2019 Summary: Recommended update for cloud-init Severity: important References: 1141969,1144363,1144881 Description: This update for cloud-init provides the following fixes: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969) - The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881) ----------------------------------------- Patch: SUSE-2019-2517 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2550 Released: Fri Oct 4 13:17:15 2019 Summary: Security update for bind Severity: important References: 1118367,1118368,1138687,CVE-2019-6471 Description: This update for bind fixes the following issues: Security issue fixed: - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) ----------------------------------------- Patch: SUSE-2019-2656 Released: Mon Oct 14 17:02:24 2019 Summary: Security update for sudo Severity: important References: 1153674,CVE-2019-14287 Description: This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). ----------------------------------------- Patch: SUSE-2019-2657 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------- Patch: SUSE-2019-2673 Released: Tue Oct 15 16:53:08 2019 Summary: Security update for libpcap Severity: important References: 1153332,CVE-2018-16301,CVE-2019-15165 Description: This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). ----------------------------------------- Patch: SUSE-2019-2674 Released: Tue Oct 15 16:53:28 2019 Summary: Security update for tcpdump Severity: important References: 1068716,1153098,1153332,CVE-2017-16808,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14470,CVE-2018-14879,CVE-2018-14880,CVE-2018-14881,CVE-2018-14882,CVE-2018-16227,CVE-2018-16228,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-1010220,CVE-2019-15166,CVE-2019-15167 Description: This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). ----------------------------------------- Patch: SUSE-2019-2676 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------- Patch: SUSE-2019-2681 Released: Tue Oct 15 22:01:40 2019 Summary: Recommended update for libdb-4_8 Severity: moderate References: 1148244 Description: This update for libdb-4_8 fixes the following issues: - Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244) ----------------------------------------- Patch: SUSE-2019-2693 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1142343 Description: This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------- Patch: SUSE-2019-2722 Released: Mon Oct 21 11:14:20 2019 Summary: Recommended update for pciutils-ids Severity: moderate References: 1127840,1133581 Description: This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840) ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2757 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Severity: moderate References: 1153936,CVE-2019-17543 Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2777 Released: Thu Oct 24 16:13:20 2019 Summary: Recommended update for fipscheck Severity: moderate References: 1149792 Description: This update for fipscheck fixes the following issues: - Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2782 Released: Fri Oct 25 14:27:52 2019 Summary: Security update for nfs-utils Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) ----------------------------------------- Patch: SUSE-2019-2786 Released: Fri Oct 25 15:56:35 2019 Summary: Security update for docker-runc Severity: moderate References: 1152308,CVE-2019-16884 Description: This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) ----------------------------------------- Patch: SUSE-2019-2802 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------- Patch: SUSE-2019-2812 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------- Patch: SUSE-2019-2870 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------- Patch: SUSE-2019-2891 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). ----------------------------------------- Patch: SUSE-2019-2418 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Severity: moderate References: 1133773,1143055 Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) ----------------------------------------- Patch: SUSE-2019-2992 Released: Mon Nov 18 11:52:10 2019 Summary: Recommended update for supportutils Severity: moderate References: 1111029,1127734,1137336 Description: This update for supportutils fixes the following issues: - Removed LPM/DLPAR data for POWER. (bsc#1111029) - Prevent running 'systool -vb memory' by default on systems with 16TB or more. (bsc#1127734) - Added sed and gawk to spec requirements (bsc#1137336) ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3018 Released: Wed Nov 20 12:48:21 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1153774 Description: This update for xkeyboard-config fixes the following issues: - Fix capslock in Old Hungarian layout (bsc#1153774) ----------------------------------------- Patch: SUSE-2019-3059 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3070 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3087 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------- Patch: SUSE-2019-3096 Released: Thu Nov 28 16:48:21 2019 Summary: Security update for cloud-init Severity: moderate References: 1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816 Description: This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124). Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988). - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488). ----------------------------------------- Patch: SUSE-2019-3118 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------- Patch: SUSE-2019-3166 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------- Patch: SUSE-2019-3173 Released: Wed Dec 4 20:22:45 2019 Summary: Recommended update for growpart, growpart-rootgrow Severity: moderate References: 1154357,ECO-550 Description: This update for growpart, growpart-rootgrow contains the following fixes: growpart: - Removed rootgrow sub-package as it is a standalone package now. (bsc#1154357, jsc#ECO-550) growpart-rootgrow: - Added growpart-rootgrow as a standalone package. (bsc#1154357, jsc#ECO-550) - Bump from version 1.0.0 to 1.0.1: - Fixed binary location in service unit file. ----------------------------------------- Patch: SUSE-2019-3240 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------- Patch: SUSE-2019-3267 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------- Patch: SUSE-2019-3392 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------- Patch: SUSE-2019-3395 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------- Patch: SUSE-2020-9 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438) ----------------------------------------- Patch: SUSE-2020-35 Released: Wed Jan 8 09:06:32 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1122469,1143349,1150397,1152308,1153367,1158590,CVE-2019-16884 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). - Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). ----------------------------------------- Patch: SUSE-2020-114 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------- Patch: SUSE-2020-119 Released: Thu Jan 16 15:42:39 2020 Summary: Recommended update for python-jsonpatch Severity: moderate References: 1160978 Description: This update for python-jsonpatch fixes the following issues: - Drop jsondiff binary to avoid conflict with python-jsondiff package. ----------------------------------------- Patch: SUSE-2020-129 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-245 Released: Tue Jan 28 09:42:30 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1155376,1156139,1157894,1161132,1161133 Description: This update for cloud-init fixes the following issues: - Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133) - Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139) - The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376) - Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file. ----------------------------------------- Patch: SUSE-2020-256 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------- Patch: SUSE-2020-262 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------- Patch: SUSE-2020-265 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------- Patch: SUSE-2020-279 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------- Patch: SUSE-2020-325 Released: Wed Feb 5 14:57:02 2020 Summary: Recommended update for dmidecode Severity: moderate References: 1153533,1158833 Description: This update for dmidecode fixes the following issues: - Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875) - Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64). - Fix formatting of TPM table output (missing newlines). - Fix displaying system slot information for PCIe SSD. ----------------------------------------- Patch: SUSE-2020-335 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------- Patch: SUSE-2020-339 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------- Patch: SUSE-2020-340 Released: Thu Feb 6 13:03:56 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1161770 Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) ----------------------------------------- Patch: SUSE-2020-375 Released: Fri Feb 7 17:30:25 2020 Summary: Security update for docker-runc Severity: moderate References: 1160452,CVE-2019-19921 Description: This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). ----------------------------------------- Patch: SUSE-2020-408 Released: Wed Feb 19 09:32:46 2020 Summary: Security update for sudo Severity: important References: 1162202,1162675,CVE-2019-18634 Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). ----------------------------------------- Patch: SUSE-2020-417 Released: Wed Feb 19 11:40:02 2020 Summary: Recommended update for chrony Severity: moderate References: 1159840 Description: This update for chrony fixes the following issues: - Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). ----------------------------------------- Patch: SUSE-2020-451 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------- Patch: SUSE-2020-462 Released: Tue Feb 25 11:49:30 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158504,1158509,1158630,1158758 Description: This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758) ----------------------------------------- Patch: SUSE-2020-467 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------- Patch: SUSE-2020-476 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------- Patch: SUSE-2020-480 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------- Patch: SUSE-2020-498 Released: Wed Feb 26 17:59:44 2020 Summary: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized Severity: moderate References: 1122669,1136184,1146853,1146854,1159018 Description: This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues: python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507): Upgrade to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications python-cfn-lint was added in version 0.21.4: - Add upstream patch to fix EOL dates for lambda runtimes - Add upstream patch to fix test_config_expand_paths test - Rename to python-cfn-lint. This package has a python API, which is required by python-moto. Update to version 0.21.4: + Features * Include more resource types in W3037 + CloudFormation Specifications * Add Resource Type `AWS::CDK::Metadata` + Fixes * Uncap requests dependency in setup.py * Check Join functions have lists in the correct sections * Pass a parameter value for AutoPublishAlias when doing a Transform * Show usage examples when displaying the help Update to version 0.21.3 + Fixes * Support dumping strings for datetime objects when doing a Transform Update to version 0.21.2 + CloudFormation Specifications * Update CloudFormation specs to 3.3.0 * Update instance types from pricing API as of 2019.05.23 Update to version 0.21.1 + Features * Add `Info` logging capability and set the default logging to `NotSet` + Fixes * Only do rule logging (start/stop/time) when the rule is going to be called * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub` * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub` * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type Update to version 0.21.0 + Features * New rule E3038 to check if a Serverless resource includes the appropriate Transform * New rule E2531 to validate a Lambda's runtime against the deprecated dates * New rule W2531 to validate a Lambda's runtime against the EOL dates * Update rule E2541 to include updates to Code Pipeline capabilities * Update rule E2503 to include checking of values for load balancer attributes + CloudFormation Specifications * Update CloudFormation specs to 3.2.0 * Update instance types from pricing API as of 2019.05.20 + Fixes * Include setuptools in setup.py requires Update to version 0.20.3 + CloudFormation Specifications * Update instance types from pricing API as of 2019.05.16 + Fixes * Update E7001 to allow float/doubles for mapping values * Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore Update to version 0.20.2 + Features * Add support for List Parameter types + CloudFormation Specifications * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet * Create new property type for Security Group IDs or Names * Add new Lambda runtime environment for NodeJs 10.x * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive * Update Glue Crawler Role to take an ARN or a name * Remove PrimitiveType from MaintenanceWindowTarget Targets * Add Min/Max values for Load Balancer Ports to be between 1-65535 + Fixes * Include License file in the pypi package to help with downstream projects * Filter out dynamic references from rule E3031 and E3030 * Convert Python linting and Code Coverage from Python 3.6 to 3.7 Update to version 0.20.1 + Fixes * Update rule E8003 to support more functions inside a Fn::Equals Update to version 0.20.0 + Features * Allow a rule's exception to be defined in a resource's metadata * Add rule configuration capabilities * Update rule E3012 to allow for non strict property checking * Add rule E8003 to test Fn::Equals structure and syntax * Add rule E8004 to test Fn::And structure and syntax * Add rule E8005 to test Fn::Not structure and syntax * Add rule E8006 to test Fn::Or structure and syntax * Include Path to error in the JSON output * Update documentation to describe how to install cfn-lint from brew + CloudFormation Specifications * Update CloudFormation specs to version 3.0.0 * Add new region ap-east-1 * Add list min/max and string min/max for CloudWatch Alarm Actions * Add allowed values for EC2::LaunchTemplate * Add allowed values for EC2::Host * Update allowed values for Amazon MQ to include 5.15.9 * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions * Add AWS::EC2::VPCEndpointService to all regions * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets * Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit. + Fixes * Fix rule E3033 to check the string size when the string is inside a list * Fix an issue in which AWS::NotificationARNs was not a list * Add AWS::EC2::Volume to rule W3010 * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger * Fix rule W3010 to not error when the availability zone is 'all' Update to version 0.19.1 + Fixes * Fix core Condition processing to support direct Condition in another Condition * Fix the W2030 to check numbers against string allowed values Update to version 0.19.0 + Features * Add NS and PTR Route53 record checking to rule E3020 * New rule E3050 to check if a Ref to IAM Role has a Role path of '/' * New rule E3037 to look for duplicates in a list that doesn't support duplicates * New rule I3037 to look for duplicates in a list when duplicates are allowed + CloudFormation Specifications * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume * Add Min/max values to AWS::Budgets::Budget.Notification Threshold * Update RDS Instance types by database engine and license definitions using the pricing API * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN * Update AWS::ECS::Service Role to support Role Name or ARN + Fixes * Update E3025 to support the new structure of data in the RDS instance type json * Update E2540 to remove all nested conditions from the object * Update E3030 to not do strict type checking * Update E3020 to support conditions nested in the record sets * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats Update to version 0.18.1 + CloudFormation Specifications * Update CloudFormation Specs to 2.30.0 * Fix IAM Regex Path to support more character types * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn * Allow VPC IDs to Ref a Parameter of type String + Fixes * Fix E3502 to check the size of the property instead of the parent object Update to version 0.18.0 + Features * New rule E3032 to check the size of lists * New rule E3502 to check JSON Object Size using definitions in the spec file * New rule E3033 to test the minimum and maximum length of a string * New rule E3034 to validate the min and max of a number * Remove Ebs Iops check from E2504 and use rule E3034 instead * Remove rule E2509 and use rule E3033 instead * Remove rule E2508 as it replaced by E3032 and E3502 * Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs * SAM requirement upped to minimal version of 1.10.0 + CloudFormation Specifications * Extend specs to include: > `ListMin` and `ListMax` for the minimum and maximum size of a list > `JsonMax` to check the max size of a JSON Object > `StringMin` and `StringMax` to check the minimum and maximum length of a String > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance * Add AllowedValues for the AWS::GuardDuty Resources * Add AllowedValues for AWS::EC2 VPC and VPN Resources * Switch IAM Instance Profiles for certain resources to the type that only takes the name * Add regex pattern for IAM Instance Profile when a name (not Arn) is used * Add regex pattern for IAM Paths * Add Regex pattern for IAM Role Arn * Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2 + Fixes * Fix serverless transform to use DefinitionBody when Auth is in the API definition * Fix rule W2030 to not error when checking SSM or List Parameters Update to version 0.17.1 + Features * Update rule E2503 to make sure NLBs don't have a Security Group configured + CloudFormation Specifications * Add all the allowed values of the `AWS::Glue` Resources * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics` * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic` * Update CloudFormation specs to 2.29.0 * Fix type with MariaDB in the AllowedValues * Update pricing information for data available on 2018.3.29 + Fixes * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+` * Fix rule E2532 to allow for `Parameters` inside a `Pass` action * Fix an issue when getting the location of an error in which numbers are causing an attribute error Update to version 0.17.0 + Features * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released * Add new rule W3037 to validate IAM resource policies. Status: Experimental * Add new parameter `-e/--include-experimental` to allow for new rules in that aren't ready to be fully released + CloudFormation Specifications * Update Spec files to 2.28.0 * Add all the allowed values of the AWS::Redshift::* Resources * Add all the allowed values of the AWS::Neptune::* Resources * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required + Fixes * Remove extra blank lines when there is no errors in the output * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition * Update rule E1029 to allow for literals in a Sub * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check * Correct typos for errors in rule W1001 * Switch from parsing a template as Yaml to Json when finding an escape character * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers * Fix an issue with rule E2541 when non strings were used for Stage Names Update to version 0.16.0 + Features * Add rule E3031 to look for regex patterns based on the patched spec file * Remove regex checks from rule E2509 * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting + CloudFormation Specifications * Update Spec files to 2.26.0 * Add all the allowed values of the AWS::DirectoryService::* Resources * Add all the allowed values of the AWS::DynamoDB::* Resources * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2 * Patch the spec file with regex patterns * Add all the allowed values of the AWS::DocDb::* Resources + Fixes * Update rule E2504 to have '20000' as the max value * Update rule E1016 to not allow ImportValue inside of Conditions * Update rule E2508 to check conditions when providing limit checks on managed policies * Convert unicode to strings when in Py 3.4/3.5 and updating specs * Convert from `awslabs` to `aws-cloudformation` organization * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0 Update to version 0.15.0 + Features * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST + CloudFormation Specifications * Update Spec files to 2.24.0 * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName * Add all the allowed values of the AWS::CloudFront::* Resources * Add all the allowed values of the AWS::DAX::* Resources + Fixes * Update config parsing to use the builtin Yaml decoder * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules * Update rule E1029 to better check Resource strings inside IAM Policies * Improve the line/column information of a Match with array support Update to version 0.14.1 + CloudFormation Specifications * Update CloudFormation Specs to version 2.23.0 * Add allowed values for AWS::Config::* resources * Add allowed values for AWS::ServiceDiscovery::* resources * Fix allowed values for Apache MQ + Fixes * Update rule E3008 to not error when using a list from a custom resource * Support simple types in the CloudFormation spec * Add tests for the formatters Update to version 0.14.0 + Features * Add rule E3035 to check the values of DeletionPolicy * Add rule E3036 to check the values of UpdateReplacePolicy * Add rule E2014 to check that there are no REFs in the Parameter section * Update rule E2503 to support TLS on NLBs + CloudFormation Specifications * Update CloudFormation spec to version 2.22.0 * Add allowed values for AWS::Cognito::* resources + Fixes * Update rule E3002 to allow GetAtts to Custom Resources under a Condition Update to version 0.13.2 + Features * Introducing the cfn-lint logo! * Update SAM dependency version + Fixes * Fix CloudWatchAlarmComparisonOperator allowed values. * Fix typo resoruce_type_spec in several files * Better support for nested And, Or, and Not when processing Conditions Update to version 0.13.1 + CloudFormation Specifications * Add allowed values for AWS::CloudTrail::Trail resources * Patch spec to have AWS::CodePipeline::CustomActionType Version included + Fixes * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified Update to version 0.13.0 + Features * New rule W1011 to check if a FindInMap is using the correct map name and keys * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used * Removed logic in E1011 and moved it to W1011 for validating keys * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne * Update rule E2505 to check the netmask bit * Include the ability to update the CloudFormation Specs using the Pricing API + CloudFormation Specifications * Update to version 2.21.0 * Add allowed values for AWS::Budgets::Budget * Add allowed values for AWS::CertificateManager resources * Add allowed values for AWS::CodePipeline resources * Add allowed values for AWS::CodeCommit resources * Add allowed values for EC2 InstanceTypes from pricing API * Add allowed values for RedShift InstanceTypes from pricing API * Add allowed values for MQ InstanceTypes from pricing API * Add allowed values for RDS InstanceTypes from pricing API + Fixes * Fixed README indentation issue with .pre-commit-config.yaml * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task * Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record * Update rule E3001 to support UpdateReplacePolicy * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder * Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content - Initial build + Version 0.12.1 Update to 0.9.1 * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: - List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) aws-cli was updated to version 1.16.223: For detailed changes see the changes entries: https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to 1.12.74, fixing lots of bugs and adding features (bsc#1146853, bsc#1146854) ----------------------------------------- Patch: SUSE-2020-503 Released: Wed Feb 26 19:29:07 2020 Summary: Recommended update for zypper-migration-plugin Severity: moderate References: 1100137,1107238 Description: This update for zypper-migration-plugin fixes the following issues: - Check if snapper is configured. (jsc#SLE-7752) - Fix for returning non-zero exit code if there are possible migrations, but none is mirrored on registration server. (bsc#1107238) - Check for closed stdin in salt by transactional-update. (bsc#1100137) ----------------------------------------- Patch: SUSE-2020-521 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Severity: moderate References: 1125306,1159006 Description: This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-566 Released: Tue Mar 3 09:14:05 2020 Summary: Recommended update for supportutils Severity: important References: 1023308,1089877,1145233,1154482,1156837,1162357,1162539 Description: This update for supportutils fixes the following issues: - Exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357). - Readded LPM/DLPAR data for power (bsc#1162539). - Strip trailing commas from process names #64 (bsc#1156837). - Dynamically select compression method (bsc#1145233). - Updated detailed unit information fix in systemd.txt (bsc#1023308). - Include IPv6 routes (bsc#1089877). - Removed root .snapshots directory from full file list (bsc#1154482). ----------------------------------------- Patch: SUSE-2020-572 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1162518 Description: This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------- Patch: SUSE-2020-573 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1160160 Description: This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------- Patch: SUSE-2020-597 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950 Description: This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------- Patch: SUSE-2020-633 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1139939,1151023 Description: This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------- Patch: SUSE-2020-655 Released: Thu Mar 12 13:17:03 2020 Summary: Recommended update for growpart Severity: moderate References: 1164736 Description: This update for growpart fixes the following issues: - Operation system disk is not automatically resized beyond 2TB on Azure hosts. (bsc#1164736) ----------------------------------------- Patch: SUSE-2020-668 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 Description: This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-690 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1166334 Description: This update for suse-build-key fixes the following issues: - created a new security@suse.de communication key (bsc#1166334) ----------------------------------------- Patch: SUSE-2020-475 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------- Patch: SUSE-2020-729 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Severity: moderate References: 1166106 Description: This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------- Patch: SUSE-2020-737 Released: Fri Mar 20 13:47:16 2020 Summary: Recommended update for ruby2.5 Severity: important References: 1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130 Description: This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). ----------------------------------------- Patch: SUSE-2020-751 Released: Mon Mar 23 16:32:44 2020 Summary: Security update for cloud-init Severity: moderate References: 1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632 Description: This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). ----------------------------------------- Patch: SUSE-2020-777 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Severity: moderate References: 1165894 Description: This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------- Patch: SUSE-2020-793 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 Description: This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-↑ - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------- Patch: SUSE-2020-820 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Severity: important References: 1167631,CVE-2020-1752 Description: This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------- Patch: SUSE-2020-823 Released: Tue Mar 31 13:28:14 2020 Summary: Recommended update for parted Severity: moderate References: 1161783,1164260 Description: This update for parted fixes the following issue: - Make parted work with pmemXs devices. (bsc#1164260) - Fix for error when parted output size crashing parted in yast. (bsc#1161783) ----------------------------------------- Patch: SUSE-2020-846 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950,1166748,1167674 Description: This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------- Patch: SUSE-2020-848 Released: Thu Apr 2 11:24:38 2020 Summary: Recommended update for GeoIP Severity: moderate References: 1156194 Description: This update for GeoIP fixes the following issues: - Update README.SUSE with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405) ----------------------------------------- Patch: SUSE-2020-850 Released: Thu Apr 2 14:37:31 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1155350,1155357,1155360,1166880 Description: This update for mozilla-nss fixes the following issues: Added various fixes related to FIPS certification: * Use getrandom() to obtain entropy where possible. * Make DSA KAT FIPS compliant. * Use FIPS compliant hash when validating keypair. * Enforce FIPS requirements on RSA key generation. * Miscellaneous fixes to CAVS tests. * Enforce FIPS limits on how much data can be processed without rekeying. * Run self tests on library initialization in FIPS mode. * Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher). * Clear various temporary variables after use. * Allow MD5 to be used in TLS PRF. * Preferentially gather entropy from /dev/random over /dev/urandom. * Allow enabling FIPS mode consistently with NSS_FIPS environment variable. * Fix argument parsing bug in lowhashtest. ----------------------------------------- Patch: SUSE-2020-914 Released: Fri Apr 3 12:07:10 2020 Summary: Recommended update for btrfsprogs Severity: moderate References: 1131334,1158560 Description: This update for btrfsprogs fixes the following issue: - handling metadata created by a very old kernel. (bsc#1131334) - 'btrfs check' tool segfaulting. (bsc#1158560) ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-934 Released: Tue Apr 7 03:46:20 2020 Summary: Recommended update for wget Severity: moderate References: 1167919 Description: This update for wget fixes the following issues: wget was updated to 1.20.3, fixing various bugs, including: - Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919) ----------------------------------------- Patch: SUSE-2020-935 Released: Tue Apr 7 03:46:39 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158630,1167205,1167206 Description: This update for xfsprogs fixes the following issues: - xfs_quota: reformat commands in the manpage. (bsc#1167206) Reformat commands in the manpage so that fstest can check that each command is actually documented. - xfs_db: document missing commands. (bsc#1167205) Document the commands 'attr_set', 'attr_remove', 'logformat' in the manpage. - xfs_io: allow size suffixes for the copy_range command. (bsc#1158630) Allow the usage of size suffixes k,m,g for kilobytes, megabytes or gigabytes respectively for the copy_range command ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-949 Released: Wed Apr 8 07:45:48 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1168669 Description: This update for mozilla-nss fixes the following issues: - Use secure_getenv() to avoid PR_GetEnvSecure() being called when NSPR is unavailable, resulting in an abort (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-959 Released: Wed Apr 8 12:59:50 2020 Summary: Security update for python-PyYAML Severity: important References: 1165439,CVE-2020-1747 Description: This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). ----------------------------------------- Patch: SUSE-2020-961 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Severity: moderate References: 1160979 Description: This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------- Patch: SUSE-2020-967 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Severity: moderate References: 1168699,CVE-2020-1730 Description: This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------- Patch: SUSE-2020-979 Released: Mon Apr 13 15:42:59 2020 Summary: Recommended update for parted Severity: moderate References: 1168756 Description: This update for parted fixes the following issue: - fix null pointer dereference. (bsc#1168756) ----------------------------------------- Patch: SUSE-2020-995 Released: Wed Apr 15 08:30:39 2020 Summary: Security update for ruby2.5 Severity: moderate References: 1167244,1168938,CVE-2020-10663,CVE-2020-10933 Description: This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). ----------------------------------------- Patch: SUSE-2020-1000 Released: Wed Apr 15 14:18:57 2020 Summary: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Severity: moderate References: 1014478,1054413,1140565,982804,999200 Description: This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. ----------------------------------------- Patch: SUSE-2020-1037 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Severity: low References: 1002895,1107105,1138666,1167732 Description: This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------- Patch: SUSE-2020-1042 Released: Tue Apr 21 08:00:15 2020 Summary: Recommended update for supportutils Severity: important References: 1162539,1165475 Description: This update for supportutils fixes the following issues: - Replaced Novell with SUSE FTP servers (bsc#1165475) - Added missed Power collection (bsc#1162539) - Added core file validation (bsc#1166126) - Changed filename prefixes from nts_ to scc_ referencing the SUSE Customer Center (SLE-8702, SLE-6762) ----------------------------------------- Patch: SUSE-2020-1056 Released: Tue Apr 21 16:26:22 2020 Summary: Recommended update for cloud-init Severity: important References: 1099358,1144881,1145622,1148645,1163178,1165296 Description: This update for cloud-init contains the following fixes: - Update previous patches with the following additions: + In cases where the config contains 2 or more default gateway specifications for an interface only write the first default route, log warning message about skipped routes + Avoid writing invalid route specification if neither the network nor destination is specified in the route configuration + Still need to consider the 'network' configuration uption for the v1 config implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42. + Add the default gateway to the ifroute config file when specified as part of the subnet configuration. (bsc#1165296) + Fix typo to properly extrakt provided netmask data (bsc#1163178, bsc#1165296) + Fix for default gateway and IPv6. (bsc#1144881) + Routes will be written if there is only a default gateway. (bsc#1148645) - BuildRequire pkgconfig(udev) instead of udev, which allow OS to shortcut through the -mini flavor. - Update to cloud-init 19.2. (bsc#1099358, bsc#1145622) ----------------------------------------- Patch: SUSE-2020-1061 Released: Wed Apr 22 10:45:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1169872 Description: This update for mozilla-nss fixes the following issues: - This implements API mechanisms for performing DSA and ECDSA hash-and-sign in a single call, which will be required in future FIPS cycles (bsc#1169872). - Always perform nssdbm checksumming on softoken load, even if nssdbm itself is not loaded. ----------------------------------------- Patch: SUSE-2020-1063 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1165539,1169569 Description: This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------- Patch: SUSE-2020-1112 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347 Description: This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------- Patch: SUSE-2020-1131 Released: Tue Apr 28 11:59:17 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170571,1170572 Description: This update for mozilla-nss fixes the following issues: - FIPS: Add Softoken POSTs for new DSA and ECDSA hash-and-sign update functions. (bsc#1170571) - FIPS: Add pairwise consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224 checks. - FIPS: Replace bad attempt at unconditional nssdbm checksumming with a dlopen(), so it can be located consistently and perform its own self-tests. - FIPS: This fixes an instance of inverted logic due to a boolean being mistaken for a SECStatus, which caused key derivation to fail when the caller provided a valid subprime. ----------------------------------------- Patch: SUSE-2020-1175 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Severity: moderate References: 1165011,1168076 Description: This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------- Patch: SUSE-2020-1181 Released: Tue May 5 12:02:39 2020 Summary: Recommended update for pciutils-ids Severity: moderate References: 1170160 Description: This update for pciutils-ids fixes the following issues: - Update the PCI utilities database to 20200324. (bsc#1170160) ----------------------------------------- Patch: SUSE-2020-1182 Released: Tue May 5 12:06:55 2020 Summary: Recommended update for chrony Severity: moderate References: 1099272,1156884,1161119 Description: This update for chrony fixes the following issues: - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272, bsc#1161119) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE. (bsc#1156884, SLE-11424) - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. ----------------------------------------- Patch: SUSE-2020-1214 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1169944 Description: This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------- Patch: SUSE-2020-1219 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1266 Released: Wed May 13 10:20:54 2020 Summary: Recommended update for jq Severity: moderate References: 1170838 Description: This update for jq fixes the following issues: jq was updated to version 1.6: * Destructuring Alternation * many new builtins (see docs) * Add support for ASAN and UBSAN * Make it easier to use jq with shebangs * Add $ENV builtin variable to access environment * Add JQ_COLORS env var for configuring the output colors * change: Calling jq without a program argument now always assumes '.' for the program, regardless of stdin/stdout * fix: Make sorting stable regardless of qsort. - Make jq depend on libjq1, so upgrading jq upgrades both ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1299 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1342 Released: Tue May 19 13:27:31 2020 Summary: Recommended update for python3 Severity: moderate References: 1149955,1165894,CVE-2019-16056 Description: This update for python3 fixes the following issues: - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). ----------------------------------------- Patch: SUSE-2020-1348 Released: Wed May 20 11:37:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170908 Description: This update for mozilla-nss fixes the following issues: The following issues are fixed: - Add AES Keywrap POST. - Accept EACCES in lieu of ENOENT when trying to access /proc/sys/crypto/fips_enabled (bsc#1170908). ----------------------------------------- Patch: SUSE-2020-1353 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Severity: moderate References: 1079603,1091109,CVE-2018-6942 Description: This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------- Patch: SUSE-2020-1361 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1171872 Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------- Patch: SUSE-2020-1396 Released: Mon May 25 12:04:39 2020 Summary: Security update for zstd Severity: moderate References: 1082318,1133297 Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------- Patch: SUSE-2020-1400 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Severity: moderate References: 1162930 Description: This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1427 Released: Tue May 26 14:55:16 2020 Summary: Recommended update for docker-runc Severity: moderate References: 1168481 Description: This update for docker-runc contains the following fixes: - Backport upstream fix that enable access to /dev/null in containers. Resolves many issues with the implementation of the runc devices cgroup code. Removes some of the disruptive aspects of 'runc update'. (bsc#1168481) ----------------------------------------- Patch: SUSE-2020-1492 Released: Wed May 27 18:32:41 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1171561 Description: This update for python-rpm-macros fixes the following issue: - Update to version 20200207.5feb6c1 (bsc#1171561) * Do not write .pyc files for tests ----------------------------------------- Patch: SUSE-2020-1496 Released: Wed May 27 20:30:31 2020 Summary: Recommended update for python-requests Severity: low References: 1170175 Description: This update for python-requests fixes the following issues: - Fix for warnings 'test fails to build' for python http. (bsc#1170175) ----------------------------------------- Patch: SUSE-2020-1506 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1087982,1170527 Description: This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1532 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Severity: moderate References: 1172021,CVE-2019-19956 Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------- Patch: SUSE-2020-1541 Released: Thu Jun 4 13:23:27 2020 Summary: Recommended update for pciutils Severity: moderate References: 1170554 Description: This update for pciutils fixes the following issues: - Fix lspci outputs when few of the VPD data fields are displayed as unknown. (bsc#1170554, ltc#185587) ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Patch: SUSE-2020-1551 Released: Mon Jun 8 09:31:41 2020 Summary: Security update for vim Severity: moderate References: 1172225,CVE-2019-20807 Description: This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). ----------------------------------------- Patch: SUSE-2020-1558 Released: Mon Jun 8 10:36:32 2020 Summary: Recommended update for chrony Severity: moderate References: 1172113 Description: This update for chrony fixes the following issue: - Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113) ----------------------------------------- Patch: SUSE-2020-1657 Released: Thu Jun 18 10:49:53 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1172377,CVE-2020-13401 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377). ----------------------------------------- Patch: SUSE-2020-1677 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------- Patch: SUSE-2020-1682 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 Description: This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------- Patch: SUSE-2020-1733 Released: Wed Jun 24 09:43:36 2020 Summary: Security update for curl Severity: important References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect (bsc#1173026). ----------------------------------------- Version 1.0.0-OpenStack-Build1.3 2020-06-26T19:21:42 ----------------------------------------- Patch: SUSE-2020-1759 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Severity: moderate References: 1169357 Description: This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------- Patch: SUSE-2020-1760 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------- Version 1.0.0-OpenStack-Build2.4 2020-07-07T08:53:22 ----------------------------------------- Patch: SUSE-2018-1476 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------- Patch: SUSE-2018-2882 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Severity: important References: 1115750,CVE-2018-4700 Description: This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------- Patch: SUSE-2019-608 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Severity: moderate References: 1118118 Description: This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------- Patch: SUSE-2019-2357 Released: Wed Sep 11 13:26:14 2019 Summary: Recommended update for lmdb Severity: moderate References: 1136132 Description: This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). ----------------------------------------- Patch: SUSE-2019-3030 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 Description: This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------- Patch: SUSE-2020-365 Released: Fri Feb 7 13:48:54 2020 Summary: Recommended update for lmdb Severity: moderate References: 1159086 Description: This update for lmdb fixes the following issues: - Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086). ----------------------------------------- Patch: SUSE-2020-517 Released: Thu Feb 27 14:39:01 2020 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528,1132087,1136031,1149164 Description: This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------- Patch: SUSE-2020-1083 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Severity: important References: 1168422,CVE-2020-3898 Description: This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------- Patch: SUSE-2020-1795 Released: Mon Jun 29 11:22:45 2020 Summary: Recommended update for lvm2 Severity: important References: 1172566 Description: This update for lvm2 fixes the following issues: - Fix potential data loss problem with LVM cache (bsc#1172566) ----------------------------------------- Patch: SUSE-2020-1821 Released: Thu Jul 2 08:39:34 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807,1172816 Description: This update for dracut fixes the following issues: - 35network-legacy: Fix dual stack setups. (bsc#1172807) - 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816) ----------------------------------------- Patch: SUSE-2020-1822 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Severity: important References: 1173274,CVE-2020-14422 Description: This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------- Patch: SUSE-2020-1850 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Severity: moderate References: 1168669,1173032,CVE-2020-12402 Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-1852 Released: Mon Jul 6 16:50:21 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Severity: moderate References: 1169444 Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------- Patch: SUSE-2020-1856 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Severity: important References: 1172698,1172704,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------- Version 1.0.4-OpenStack-Build1.4 2020-08-07T07:53:47 ----------------------------------------- Patch: SUSE-2020-1370 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1171656 Description: This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------- Patch: SUSE-2020-1885 Released: Fri Jul 10 14:54:22 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1170154,1171546,1171995 Description: This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) ----------------------------------------- Patch: SUSE-2020-1902 Released: Tue Jul 14 15:19:43 2020 Summary: Security update for xen Severity: important References: 1027519,1172205,1173376,1173377,1173378,1173380,CVE-2020-0543,CVE-2020-15563,CVE-2020-15565,CVE-2020-15566,CVE-2020-15567 Description: This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205). Additional upstream bug fixes (bsc#1027519) ----------------------------------------- Patch: SUSE-2020-1938 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1169947,1170801,1172925,1173106 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) ----------------------------------------- Patch: SUSE-2020-1948 Released: Fri Jul 17 14:48:02 2020 Summary: Security update for ldb, samba Severity: important References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120,CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303 Description: This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling ----------------------------------------- Patch: SUSE-2020-1950 Released: Fri Jul 17 17:16:21 2020 Summary: Recommended update for dracut Severity: moderate References: 1161573,1165828,1169997,1172807,1173560 Description: This update for dracut fixes the following issues: - Update to version 049.1+suse.152.g8506e86f: * 01fips: modprobe failures during manual module loading is not fatal. (bsc#bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828) * 95iscsi: fix ipv6 target discovery. (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807) - Update to version 049.1+suse.148.gc4a6c2dd: * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560) * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573) ----------------------------------------- Patch: SUSE-2020-1952 Released: Fri Jul 17 17:35:24 2020 Summary: Recommended update for zypper-migration-plugin Severity: moderate References: 1171652 Description: This update for zypper-migration-plugin fixes the following issue: - Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749 * Make sure that all the release packages are installed. (bsc#1171652) ----------------------------------------- Patch: SUSE-2020-1953 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Severity: important References: 1164260 Description: This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------- Patch: SUSE-2020-1954 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Severity: moderate References: 1172396 Description: This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------- Patch: SUSE-2020-1986 Released: Tue Jul 21 16:06:12 2020 Summary: Recommended update for openvswitch Severity: moderate References: 1172861,1172929 Description: This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) ----------------------------------------- Patch: SUSE-2020-1987 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Severity: important References: 1172477,1173336,1174011 Description: This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------- Patch: SUSE-2020-1989 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Severity: important References: 1173582 Description: This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------- Patch: SUSE-2020-2015 Released: Thu Jul 23 09:21:24 2020 Summary: Security update for qemu Severity: important References: 1172383,1172384,1172386,1172495,1172710,CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800 Description: This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). ----------------------------------------- Patch: SUSE-2020-2018 Released: Thu Jul 23 09:35:42 2020 Summary: Recommended update for apparmor Severity: moderate References: 1172040 Description: This update for apparmor fixes the following issues: - Add 'UI_Showfile' so Yast shows the profile correctly. (bsc#1172040) ----------------------------------------- Patch: SUSE-2020-2074 Released: Wed Jul 29 18:59:46 2020 Summary: Security update for grub2 Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer - Use grub_calloc for overflow check and return NULL when it would occur ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2099 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Severity: moderate References: 1173227,1173229,1173422 Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------- Patch: SUSE-2020-2105 Released: Mon Aug 3 16:42:25 2020 Summary: Security update for the Linux Kernel Severity: important References: 1058115,1065729,1071995,1085030,1148868,1152472,1152489,1153274,1154353,1154492,1155518,1155798,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158983,1159781,1159867,1160947,1161495,1162002,1162063,1162400,1162702,1164648,1164777,1164780,1165211,1165933,1165975,1166985,1167104,1167651,1167773,1168230,1168779,1168838,1168959,1169021,1169094,1169194,1169514,1169681,1169771,1170011,1170284,1170442,1170617,1170774,1170879,1170891,1170895,1171150,1171189,1171191,1171219,1171220,1171246,1171417,1171513,1171529,1171530,1171662,1171688,1171699,1171732,1171739,1171743,1171759,1171828,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172169,1172170,1172201,1172208,1172223,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172739,1172751,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172938,1172939,1172940,1172956,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173060,1173068,1173074,1173085,1173139,1173206,1173271,1173280,1173284,1173428,1173438,1173461,1173514,1173552,1173573,1173625,1173746,1173776,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1174018,1174072,1174116,1174126,1174127,1174128,1174129,1174185,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174513,1174527,1174543,1174627,962849,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0305,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to 'flash_device' (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not 'select' CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated 'multiplier = ' log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem 'region' ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the 'Reducing compressed framebufer size' message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert 'staging: imgu: Address a compiler warning on alignment' (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on 'Detachable' and 'Portable' chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / 'Laptop' chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes). - Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes). - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes). - Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes). - Revert 'thermal: mediatek: fix register index error' (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert 'stop passing MAY_NOT_BLOCK to the AVC upon follow_link' (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use 'smp_mb()' to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow 'CFLIST' to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). ----------------------------------------- Patch: SUSE-2020-2148 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1174673 Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------- Patch: SUSE-2020-2160 Released: Thu Aug 6 20:05:42 2020 Summary: Security update for xen Severity: important References: 1172356,1174543 Description: This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ----------------------------------------- Version 1.0.4-OpenStack-Build1.5 2020-08-11T07:51:45 ----------------------------------------- Patch: SUSE-2020-2182 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Severity: moderate References: 1153520,1170745,1171284 Description: This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------- Version 1.0.5-OpenStack-Build1.2 2020-08-13T07:51:48 ----------------------------------------- Patch: SUSE-2020-2219 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------- Version 1.0.5-OpenStack-Build1.3 2020-08-14T07:51:46 ----------------------------------------- Patch: SUSE-2020-2224 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Severity: moderate References: 1171878,1172085 Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------- Version 1.0.5-OpenStack-Build1.4 2020-08-15T07:53:14 ----------------------------------------- Patch: SUSE-2020-2244 Released: Fri Aug 14 15:27:35 2020 Summary: Recommended update for grub2 Severity: important References: 1174782,1175036,1175060 Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------- Version 1.0.5-OpenStack-Build1.5 2020-08-18T07:52:08 ----------------------------------------- Patch: SUSE-2020-2256 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Severity: moderate References: 1155305 Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------- Version 1.0.5-OpenStack-Build1.8 2020-08-20T07:52:54 ----------------------------------------- Patch: SUSE-2020-2277 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------- Patch: SUSE-2020-2278 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Severity: moderate References: 1149911,1151708,1168235,1168389 Description: This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------- Version 1.0.5-OpenStack-Build1.9 2020-08-25T07:55:09 ----------------------------------------- Patch: SUSE-2020-2296 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 Description: This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------- Version 1.0.5-OpenStack-Build1.10 2020-08-26T07:55:04 ----------------------------------------- Patch: SUSE-2020-2306 Released: Tue Aug 25 14:48:17 2020 Summary: Security update for grub2 Severity: important References: 1172745,1174421,CVE-2020-15705 Description: This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------- Version 1.0.5-OpenStack-Build1.11 2020-08-27T07:55:01 ----------------------------------------- Patch: SUSE-2020-2335 Released: Wed Aug 26 11:47:28 2020 Summary: Recommended update for perl-Bootloader Severity: moderate References: 1174320 Description: This update for perl-Bootloader fixes the following issues: Update from version 0.928 to version 0.931 - The *grub2* module directory has been moved to */usr/share/grub2*, the *tpm.mod* is now checked there. (bsc#1174320) - Reduce the number of warning about fstab. - Do not warn about missing *SECURE_BOOT* sysconfig on systems with a minimalistic */etc/sysconfig/bootloader*. ----------------------------------------- Version 1.0.6-OpenStack-Build1.3 2020-08-29T07:53:20 ----------------------------------------- Patch: SUSE-2020-2380 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Severity: moderate References: 1175250,1175251 Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------- Patch: SUSE-2020-2384 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Severity: low References: 1170964 Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------- Patch: SUSE-2020-2386 Released: Sat Aug 29 01:21:01 2020 Summary: Recommended update for samba Severity: moderate References: 1172810 Description: This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------- Version 1.0.6-OpenStack-Build1.6 2020-09-01T07:55:45 ----------------------------------------- Patch: SUSE-2020-2396 Released: Mon Aug 31 17:27:13 2020 Summary: Recommended update for open-iscsi Severity: moderate References: Description: This update for open-iscsi fixes the following issues: Upgrade to upstream version 2.1.2 as 2.1.2-suse (jsc#SES-1081) - Use openssl for random data generation - Misspelled socket name might cause confusion to inexperienced user. - Let initiator name be created by iscsi-init.service. - iscsi: fix fd leak - Fix a compiler issue about string copy in iscsiuio - Fix a compiler issue about writing one byte - Fix issue with zero-length arrays at end of struct - Add *iscsi-init.service* Note that the '*iscsi-init.service*' adds a new systemd service called '*iscsi-init*', that creates the iSCSI initiator name file */etc/iscsi/initiatorname.iscsi*, if and only if it does not exist. - Proper disconnect of TCP connection - Fix SIGPIPE loop in signal handler - Update iscsi-iname.c - log:modify iSCSI shared memory permissions for logs - Sequence systemd services correctly when upgrading - Ignore iface.example in iface match checks - Fix type mismatch under musl. - Add Wants=remote-fs-pre.target for sequencing. - Fix issue where 'iscsi-iname -p' core dumps. - iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix - Fix iscsi.service so it handles restarts better ----------------------------------------- Version 1.0.6-OpenStack-Build1.9 2020-09-02T07:54:24 ----------------------------------------- Patch: SUSE-2020-2411 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2425 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Severity: moderate References: 1174260 Description: This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------- Patch: SUSE-2020-2441 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Severity: moderate References: 1154063 Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------- Version 1.0.6-OpenStack-Build1.12 2020-09-03T07:54:19 ----------------------------------------- Patch: SUSE-2020-2445 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------- Patch: SUSE-2020-2451 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Severity: important References: 1167494,996146 Description: This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------- Patch: SUSE-2020-2457 Released: Wed Sep 2 15:29:51 2020 Summary: Recommended update for grub2 Severity: important References: 1174567,1175766 Description: This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. ----------------------------------------- Patch: SUSE-2020-2458 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Severity: moderate References: 927831 Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------- Version 1.0.6-OpenStack-Build1.14 2020-09-04T07:54:17 ----------------------------------------- Patch: SUSE-2020-2486 Released: Thu Sep 3 20:15:36 2020 Summary: Security update for the Linux Kernel Severity: important References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid 'fall through' comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around 'opencount' (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing 'D' - this leads to our kernels being marked as 'Unreleased kernel'. SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes). - Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes). - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). ----------------------------------------- Version 1.0.6-OpenStack-Build1.17 2020-09-09T07:54:28 ----------------------------------------- Patch: SUSE-2020-2577 Released: Wed Sep 9 07:18:53 2020 Summary: Security update for the Linux Kernel Severity: important References: 1176069,CVE-2020-14386 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). ----------------------------------------- Version 1.0.6-OpenStack-Build1.19 2020-09-10T07:54:05 ----------------------------------------- Patch: SUSE-2020-2581 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Severity: moderate References: 1174154,CVE-2020-15719 Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------- Version 1.0.7-OpenStack-Build1.1 2020-09-12T07:57:13 ----------------------------------------- Patch: SUSE-2020-2612 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Version 1.0.8-OpenStack-Build1.11 2020-09-19T07:57:53 ----------------------------------------- Patch: SUSE-2020-2638 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Severity: moderate References: 1165580 Description: This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2684 Released: Fri Sep 18 15:01:24 2020 Summary: Recommended update for grub2 Severity: important References: 1176134,1176591 Description: This update for grub2 fixes the following issues: - Make efi hand off the default entry point of the linux command (bsc#1176134) ----------------------------------------- Version 1.0.8-OpenStack-Build1.14 2020-09-23T08:17:55 ----------------------------------------- Patch: SUSE-2020-2704 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Severity: moderate References: 1174079 Description: This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------- Patch: SUSE-2020-2712 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Severity: moderate References: 1175568,CVE-2020-8027 Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------- Version 1.0.8-OpenStack-Build1.16 2020-09-24T07:55:19 ----------------------------------------- Patch: SUSE-2020-2729 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Severity: moderate References: 1152930,1174477,CVE-2020-14342 Description: This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------- Patch: SUSE-2020-2730 Released: Wed Sep 23 16:35:31 2020 Summary: Security update for samba Severity: important References: 1176579,CVE-2020-1472 Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install 'test_util_paths'; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); ----------------------------------------- Version 1.0.8-OpenStack-Build1.22 2020-09-29T07:55:30 ----------------------------------------- Patch: SUSE-2020-2757 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Severity: moderate References: 1173104 Description: This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------- Version 1.0.8-OpenStack-Build1.23 2020-09-30T07:55:58 ----------------------------------------- Patch: SUSE-2020-2779 Released: Tue Sep 29 11:27:35 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1173433 Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------- Patch: SUSE-2020-2781 Released: Tue Sep 29 11:29:34 2020 Summary: Recommended update for openssh Severity: moderate References: 1173799 Description: This update for openssh fixes the following issues: - This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. (bsc#1173799). ----------------------------------------- Patch: SUSE-2020-2791 Released: Tue Sep 29 14:13:44 2020 Summary: Security update for xen Severity: important References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604 Description: This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) ----------------------------------------- Version 1.0.8-OpenStack-Build1.25 2020-10-02T07:58:23 ----------------------------------------- Patch: SUSE-2020-2819 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 Description: This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------- Version 1.0.8-OpenStack-Build1.27 2020-10-04T07:58:11 ----------------------------------------- Patch: SUSE-2020-2825 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347,1176759 Description: This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------- Patch: SUSE-2020-2850 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1175110 Description: This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------- Patch: SUSE-2020-2852 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1173470,1175844 Description: This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------- Version 1.0.8-OpenStack-Build1.31 2020-10-07T08:04:50 ----------------------------------------- Patch: SUSE-2020-2864 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------- Patch: SUSE-2020-2869 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 Description: This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------- Version 1.0.8-OpenStack-Build1.33 2020-10-09T11:13:14 ----------------------------------------- Patch: SUSE-2020-2877 Released: Wed Oct 7 14:43:20 2020 Summary: Security update for qemu Severity: important References: 1174386,1174641,1174863,1175370,1175441,1176494,CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352 Description: This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) ----------------------------------------- Patch: SUSE-2020-2879 Released: Thu Oct 8 15:05:03 2020 Summary: Security update for the Linux Kernel Severity: important References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-2521,CVE-2020-25284,CVE-2020-26088 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). ----------------------------------------- Version 1.0.8-OpenStack-Build2.3 2020-10-13T07:58:25 ----------------------------------------- Patch: SUSE-2020-2890 Released: Mon Oct 12 11:07:00 2020 Summary: Recommended update for multipath-tools Severity: important References: 1125043,1139837,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 Description: This update for multipath-tools fixes the following issues: - Fixed an issue where mapping two WWID's to the same multipath led to a data corruption (bsc#1172429) - Improved logging of some failure cases (bsc#1173060, bsc#1173064) - Limited the PRIN allocation length to 8192 bytes (bsc#1165786) - Added '-e' option to enable foreign libraries (bsc#1139837) - Fixed an issue when handling synthetic uevents (bsc#1161923) - Fix handling of hardware properties for maps without paths (bsc#1176644) - Fixed an issue where all paths were dropped from a storage array (bsc#1125043) - Fixed handling of incompletely initialized udev devices (bsc#1172157) ----------------------------------------- Patch: SUSE-2020-2893 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1177479 Description: This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------- Version 1.0.8-OpenStack-Build2.4 2020-10-14T08:18:56 ----------------------------------------- Patch: SUSE-2020-2901 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------- Patch: SUSE-2020-2914 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------- Version 1.0.8-OpenStack-Build2.5 2020-10-16T07:59:15 ----------------------------------------- Patch: SUSE-2020-2936 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Severity: moderate References: 1175281 Description: This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) ----------------------------------------- Version 1.0.9-OpenStack-Build1.1 2020-10-17T07:59:33 ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Version 1.0.9-OpenStack-Build1.2 2020-10-19T11:38:00 ----------------------------------------- Patch: SUSE-2020-2953 Released: Mon Oct 19 06:25:15 2020 Summary: Recommended update for gettext-runtime Severity: moderate References: 1176142 Description: This update for gettext-runtime fixes the following issues: - Fix for an issue when 'xgettext' crashes during creating a 'POT' file. (bsc#1176142) ----------------------------------------- Version 1.0.9-OpenStack-Build1.4 2020-10-21T07:59:21 ----------------------------------------- Patch: SUSE-2020-2958 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------- Version 1.0.9-OpenStack-Build1.7 2020-10-26T09:41:08 ----------------------------------------- Patch: SUSE-2020-2979 Released: Wed Oct 21 11:37:14 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1176173 Description: This update for mozilla-nss fixes the following issue: - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Patch: SUSE-2020-2980 Released: Wed Oct 21 13:28:37 2020 Summary: Security update for the Linux Kernel Severity: critical References: 1065600,1065729,1155798,1165692,1168468,1171675,1171688,1174003,1174098,1175599,1175621,1175807,1176019,1176400,1176907,1176979,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177283,1177284,1177285,1177286,1177297,1177384,1177511,1177617,1177681,1177683,1177687,1177694,1177697,1177719,1177724,1177725,1177726,954532,CVE-2020-12351,CVE-2020-12352,CVE-2020-24490,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - create Storage / NVMe subsection - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - crypto: picoxcell - Fix potential race condition bug (git-fixes). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files. - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384). - drop Storage / bsc#1171688 subsection No effect on expanded tree. - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - hwmon: (mlxreg-fan) Fix double 'Mellanox' (git-fixes). - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} (git-fixes). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: meson: fixup rate calculation with filter delay (git-fixes). - i2c: owl: Clear NACK and BUS error bits (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - ima: extend boot_aggregate with kernel measurements (bsc#1177617). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - kabi fix for NFS: Fix flexfiles read failover (git-fixes). - kabi: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules. - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - leds: mlxreg: Fix possible buffer overflow (git-fixes). - libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - media: camss: Fix a reference count leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar-vin: Fix a reference count leak (git-fixes). - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes). - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: rockchip/rga: Fix a reference count leak (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes). - media: stm32-dcmi: Fix a reference count leak (git-fixes). - media: tc358743: cleanup tc358743_cec_isr (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Document asd allocation requirements (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: core: Rework wp-gpio handling (git-fixes). - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681). - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681). - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)). - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697). - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694). - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683). - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697). - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692). - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692). - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692). - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692). - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692). - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692). - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692). - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692). - Move upstreamed intel-vbtn patch into sorted section - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mt76: fix LED link time failure (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes). - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes). - NFS: Do not return layout segments that are in use (git-fixes). - NFS: ensure correct writeback errors are returned on close() (git-fixes). - NFS: Fix flexfiles read failover (git-fixes). - NFS: Fix security label length not being reset (bsc#1176381). - NFS: nfs_file_write() should check for writeback errors (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - nvme-multipath: retry commands for dying queues (bsc#1171688). - patches.suse/target-compare-and-write-backend-driver-sense-handli.patch: (bsc#1177719). - patches.suse/target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch (bsc#1177090). - patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch: (fate#318836, bsc#1177090). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688). - r8169: fix data corruption issue on RTL8402 (bsc#1174098). - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090). - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090). - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - regulator: axp20x: fix LDO2/4 description (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - rename Other drivers / Intel IOMMU subsection to IOMMU - Rename patches to the same name as in SLE15-SP3. - Rename scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch Fix typo in patch file name. - rtc: ds1374: fix possible race condition (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes). - spi: sprd: Release DMA channel also on probe deferral (git-fixes). - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes). - target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109). - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090). - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - virtio-net: do not disable guest csum when disable LRO (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xprtrdma: fix incorrect header size calculations (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-2989 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Severity: moderate References: 1171806 Description: This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. (bsc#1171806) ----------------------------------------- Patch: SUSE-2020-2995 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Severity: important References: 1177914,CVE-2020-15999 Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------- Version 1.0.9-OpenStack-Build1.9 2020-10-28T07:57:43 ----------------------------------------- Patch: SUSE-2020-3048 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3049 Released: Tue Oct 27 16:08:27 2020 Summary: Security update for xen Severity: important References: 1177409,1177412,1177413,1177414,CVE-2020-27670,CVE-2020-27671,CVE-2020-27672,CVE-2020-27673 Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) ----------------------------------------- Version 1.0.9-OpenStack-Build1.10 2020-10-29T07:59:05 ----------------------------------------- Patch: SUSE-2020-3058 Released: Wed Oct 28 06:11:14 2020 Summary: Recommended update for catatonit Severity: moderate References: 1176155 Description: This update for catatonit fixes the following issues: - Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155) ----------------------------------------- Patch: SUSE-2020-3059 Released: Wed Oct 28 06:11:23 2020 Summary: Recommended update for sysconfig Severity: moderate References: 1173391,1176285,1176325 Description: This update for sysconfig fixes the following issues: - Fix for 'netconfig' to run with a new library including fallback to the previous location. (bsc#1176285) - Fix for changing content of such files like '/etc/resolv.conf' to avoid linked applications re-read them and unnecessarily re-initializes themselves accordingly. (bsc#1176325) - Fix for 'chrony helper' calling in background. (bsc#1173391) - Fix for configuration file by creating a symlink for it to prevent false ownership on the file. (bsc#1159566) ----------------------------------------- Version 1.0.9-OpenStack-Build1.12 2020-10-30T07:59:43 ----------------------------------------- Patch: SUSE-2020-3081 Released: Thu Oct 29 11:00:34 2020 Summary: Security update for samba Severity: important References: 1173902,1173994,1177613,CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 Description: This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). - lib/util: Do not install /usr/bin/test_util - smbd: don't log success as error - idmap_ad does not deal properly with a RFC4511 section 4.4.1 response; - winbind: Fix a memleak - idmap_ad: Pass tldap debug messages on to DEBUG() - lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE - ctdb disable/enable can fail due to race condition ----------------------------------------- Patch: SUSE-2020-3099 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------- Version 1.0.9-OpenStack-Build1.15 2020-11-04T08:01:36 ----------------------------------------- Patch: SUSE-2020-3122 Released: Tue Nov 3 09:46:29 2020 Summary: Security update for the Linux Kernel Severity: important References: 1055014,1055186,1061843,1065729,1077428,1129923,1134760,1152489,1174748,1174969,1175052,1175898,1176485,1176713,1177086,1177353,1177410,1177411,1177470,1177739,1177749,1177750,1177754,1177755,1177765,1177814,1177817,1177854,1177855,1177856,1177861,1178002,1178079,1178246,CVE-2020-14351,CVE-2020-16120,CVE-2020-25285 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485). - CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file. (bsc#1177470) - CVE-2020-14351: Fixed a race condition in the perf_mmap_close() function (bsc#1177086). The following non-security bugs were fixed: - ACPI: Always build evged in (git-fixes). - ACPI: button: fix handling lid state changes when input device closed (git-fixes). - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - Add CONFIG_CHECK_CODESIGN_EKU - ALSA: ac97: (cosmetic) align argument names (git-fixes). - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: asihpi: fix spellint typo in comments (git-fixes). - ALSA: atmel: ac97: clarify operator precedence (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: (cosmetic) align function parameters (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: hdspm: Fix typo arbitary (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: portman2x4: fix repeated word 'if' (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes). - ALSA: usb: scarless_gen2: fix endianness issue(git-fixes). - ALSA: vx: vx_core: clarify operator precedence (git-fixes). - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes). - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes). - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue(git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes). - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - block: Fix page_is_mergeable() for compound pages (bsc#1177814). - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes). - clk: meson: g12a: mark fclk_div2 as critical (git-fixes). - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817). - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743). - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743). - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743). - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743). - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743). - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743). - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743). - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743). - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743). - dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes). - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743). - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743). - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743). - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743). - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743). - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743). - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743). - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743). - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743). - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743). - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743). - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743). - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743). - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743). - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743). - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743). - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743). - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743). - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743). - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743). - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743). - dm: Call proper helper to determine dax support (bsc#1177817). - dm/dax: Fix table reference counts (bsc#1178246). - docs: driver-api: remove a duplicated index entry (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489). - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes). - HID: hid-input: fix stylus battery reporting (git-fixes). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes). - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes). - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes). - ida: Free allocated bitmap in error path (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio: adc: gyroadc: fix leak of device node iterator (git-fixes). - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes). - iio:adc:ti-adc0832 Fix alignment issuewith timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issuewith timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Do not ignore errors from crypto_shash_update() (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: stmfts - fix a & vs && typo (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739). - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353). - leds: mt6323: move period calculation (git-fixes). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - mm: do not panic when links can't be created in sysfs (bsc#1178002). - mm: do not rely on system state to detect hot-plug operations (bsc#1178002). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm: replace memmap_context by meminit_context (bsc#1178002). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes). - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes). - mtd: spinand: gigadevice: Add QE Bit (git-fixes). - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issueabout leak system resources (git-fixes). - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes). - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)). - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489). - perf/x86: Fix n_pair for cancelled txn (bsc#1152489). - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes). - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes). - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079). - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - pwm: img: Fix null pointer access in probe (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes). - r8169: fix operation under forced interrupt threading (git-fixes). - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes). - reset: sti: reset-syscfg: fix struct description warnings (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rtc: rx8010: do not modify the global rtc ops (git-fixes). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743). - slimbus: core: check get_addr before removing laddr ida (git-fixes). - slimbus: core: do not enter to clock pause mode in core (git-fixes). - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes). - soc: fsl: qbman: Fix return value on success (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes). - tracing: Check return value of __create_val_fields() before using its result (git-fixes). - tracing: Save normal string variables (git-fixes). - USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - USB: dwc2: Fix parameter type in function pointer prototype (git-fixes). - USB: dwc3: core: add phy cleanup for probe error handling (git-fixes). - USB: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - USB: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes). - USB: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes). - USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: serial: qcserial: fix altsetting probing (git-fixes). - usb: xhci-mtk: Fix typo (git-fixes). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: Fix memleak in watchdog_cdev_register (git-fixes). - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes). - watchdog: Use put_device on error (git-fixes). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - X.509: Add CodeSigning extended key usage parsing (bsc#1177353). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489). - x86/ioapic: Unbreak check_timer() (bsc#1152489). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765). - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xfs: force the log after remapping a synchronous-writes file (git-fixes). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). ----------------------------------------- Patch: SUSE-2020-3123 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Severity: important References: 1177460,1178346,1178350,1178353 Description: This update for timezone fixes the following issue: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------- Patch: SUSE-2020-3138 Released: Tue Nov 3 12:14:03 2020 Summary: Recommended update for systemd Severity: moderate References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800 Description: This update for systemd fixes the following issue: - seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422) - test-seccomp: log function names - test-seccomp: add log messages when skipping tests - basic/virt: Detect PowerVM hypervisor (bsc#1176800) - fs-util: suppress world-writable warnings if we read /dev/null - udevadm: rename option '--log-priority' into '--log-level' - udev: rename kernel option 'log_priority' into 'log_level' - fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513) - Fix memory protection default (bsc#1167471) - cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935) - Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502) ----------------------------------------- Version 1.0.10-OpenStack-Build1.1 2020-11-06T08:01:01 ----------------------------------------- Patch: SUSE-2020-3157 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1177864 Description: This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Version 1.0.11-OpenStack-Build1.1 2020-11-07T08:00:26 ----------------------------------------- Patch: SUSE-2020-3199 Released: Fri Nov 6 13:01:11 2020 Summary: Recommended update for SUSEConnect Severity: moderate References: 1155027 Description: This update for SUSEConnect fixes the following issues: - Recognize more formats when parsing the '.curlrc' for proxy credentials. (bsc#1155027) - Add 'rpmlintrc' to filter false-positive warning about patch not applied - Extend the YaST API in order to access to the package search functionality. (jsc#SLE-9109) ----------------------------------------- Version 1.0.11-OpenStack-Build1.2 2020-11-09T12:09:53 ----------------------------------------- Patch: SUSE-2020-3253 Released: Mon Nov 9 07:45:04 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1174697,1176173 Description: This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Version 1.0.11-OpenStack-Build2.1 2020-11-11T08:00:09 ----------------------------------------- Patch: SUSE-2020-3270 Released: Tue Nov 10 17:53:08 2020 Summary: Recommended update for bind Severity: moderate References: 1175894,1177603,1177790,1177913,1177915,1178078 Description: This update for bind fixes the following issues: - Add '/usr/lib64/named' to the files and directories in bind config to include external plugins for chroot. (bsc#1178078) - Replaced named's dependency on time-sync with a dependency on time-set in 'named.service' to avoid a dependency-loop. (bsc#1177790) - Removed 'dnssec-enable' from named.conf as it has been obsoleted and may break. (bsc#1177915) - Added a comment for reference which should be removed in the future. (bsc#1177603) - Added a comment to the 'dnssec-validation' in named.conf with a reference to forwarders which do not return signed responses. (bsc#1175894) - Replaced an INSIST macro which calls abort with a test and a diagnostic output. (bsc#1177913) ----------------------------------------- Patch: SUSE-2020-3273 Released: Tue Nov 10 19:41:30 2020 Summary: Security update for the Linux Kernel Severity: important References: 1065600,1066382,1149032,1163592,1164648,1170415,1175749,1176354,1177281,1177766,1177799,1177801,1178166,1178173,1178175,1178176,1178177,1178183,1178184,1178185,1178186,1178190,1178191,1178255,1178307,1178330,1178395,CVE-2020-25656,CVE-2020-8694 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). The following non-security bugs were fixed: - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes). - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes). - bonding: show saner speed for broadcast mode (networking-stable-20_08_24). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: allocate scrub workqueues outside of locks (bsc#1178183). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: drop path before adding new uuid tree entry (bsc#1178176). - btrfs: fix filesystem corruption after a device replace (bsc#1178395). - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190). - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191). - btrfs: fix space cache memory leak after transaction abort (bsc#1178173). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395). - btrfs: set the correct lockdep class for new nodes (bsc#1178184). - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - ceph: promote to unsigned long long before shifting (bsc#1178175). - crypto: ccp - fix error handling (git-fixes). - cxgb4: fix memory leak during module unload (networking-stable-20_09_24). - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24). - Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes - Disable module compression on SLE15 SP2 (bsc#1178307) - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648). - futex: Consistently use fshared as boolean (bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1149032). - futex: Remove put_futex_key() (bsc#1149032). - futex: Remove unused or redundant includes (bsc#1149032). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24). - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24). - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11). - ipvlan: fix device features (networking-stable-20_08_24). - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes). - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes). - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mm: fix a race during THP splitting (bsc#1178255). - mm: madvise: fix vma user-after-free (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - module: Correctly truncate sysfs sections output (git-fixes). - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes). - module: Refactor section attr into bin attribute (git-fixes). - module: statically initialize init section freeing data (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes). - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24). - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24). - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24). - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24). - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: dsa: b53: check for timeout (networking-stable-20_08_24). - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24). - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24). - net: Fix bridge enslavement failure (networking-stable-20_09_24). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24). - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24). - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24). - net: lantiq: Wake TX queue again (networking-stable-20_09_24). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24). - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - nfp: use correct define to return NONE fec (networking-stable-20_09_24). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes). - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) The in-tree KMP that is built with SLE kernels have a different scriptlet that is embedded in kernel-binary.spec.in rather than *.sh files. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtl8xxxu: prevent potential memory leak (git-fixes). - rtw88: increse the size of rx buffer size (git-fixes). - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733). - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - selftests/timers: Turn off timeout setting (git-fixes). - spi: spi-s3c64xx: Check return values (git-fixes). - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes). - taprio: Fix allowing too small intervals (networking-stable-20_09_24). - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: handle broken union descriptors (git-fixes). - usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc3: simple: add support for Hikey 970 (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xfs: fix high key handling in the rt allocator's query_range function (git-fixes). - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes). - xfs: limit entries returned when counting fsmap records (git-fixes). ----------------------------------------- Version 1.0.11-OpenStack-Build2.2 2020-11-12T08:01:14 ----------------------------------------- Patch: SUSE-2020-3286 Released: Wed Nov 11 12:24:19 2020 Summary: Recommended update for grub2 Severity: moderate References: 1172952,1176062,1177957,1178278 Description: This update for grub2 fixes the following issues: - Fixed an issue, where the https boot was interrupted by an unrecognized network address error message (bsc#1172952) - Improve the error handling when grub2-install fails with short mbr gap (bsc#1176062) - Fixed an error in grub2-install where it exited with 'failed to get canonical path of `/boot/grub2/i386-pc'.' (bsc#1177957) - Fixed a boot failure issue on blocklist installations (bsc#1178278) ----------------------------------------- Patch: SUSE-2020-3290 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Severity: moderate References: 1174232 Description: This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------- Patch: SUSE-2020-3294 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Severity: moderate References: 1177998 Description: This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------- Version 1.0.11-OpenStack-Build2.4 2020-11-13T08:02:30 ----------------------------------------- Patch: SUSE-2020-3301 Released: Thu Nov 12 13:51:02 2020 Summary: Recommended update for openssh Severity: moderate References: 1177939 Description: This update for openssh fixes the following issues: - Ensure that only approved DH parameters are used in FIPS mode, to meet NIST 800-56arev3 restrictions. (bsc#1177939). ----------------------------------------- Patch: SUSE-2020-3313 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Severity: important References: 1178387,CVE-2020-25692 Description: This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------- Version 1.0.11-OpenStack-Build2.5 2020-11-14T08:01:57 ----------------------------------------- Patch: SUSE-2020-3323 Released: Fri Nov 13 15:25:55 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1174443,1174444,1177526 Description: This update for cloud-init contains the following fixes: + Avoid exception if no gateway information is present and warning is triggered for existing routing. (bsc#1177526) Update to version 20.2 (bsc#1174443, bsc#1174444) + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Goneri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Goneri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file 'size' being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Goneri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Goneri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Goneri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Goneri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Goneri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Goneri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Goneri Le Bouder] + Add Netbsd support (#62) [Goneri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta → data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace 'from six import X' imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Goneri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Galić] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Goneri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Goneri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Goneri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) ----------------------------------------- Version 1.0.11-OpenStack-Build2.7 2020-11-18T08:00:50 ----------------------------------------- Patch: SUSE-2020-3358 Released: Tue Nov 17 13:17:10 2020 Summary: Security update for tcpdump Severity: moderate References: 1178466,CVE-2020-8037 Description: This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). ----------------------------------------- Version 1.0.12-OpenStack-Build1.1 2020-11-20T08:02:49 ----------------------------------------- Patch: SUSE-2020-3377 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Severity: moderate References: 1178512,CVE-2020-28196 Description: This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------- Patch: SUSE-2020-3381 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Severity: moderate References: 1177458,1177490,1177510 Description: This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Patch: SUSE-2020-3382 Released: Thu Nov 19 11:03:01 2020 Summary: Recommended update for dmidecode Severity: moderate References: 1174257 Description: This update for dmidecode fixes the following issues: - Add partial support for SMBIOS 3.4.0. (bsc#1174257) - Skip details of uninstalled memory modules. (bsc#1174257) ----------------------------------------- Patch: SUSE-2020-3412 Released: Thu Nov 19 12:44:57 2020 Summary: Security update for xen Severity: important References: 1027519,1177950,1178591,CVE-2020-28368 Description: This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.13.2 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519). - Adjusted help for --max_iters, default is 5 (bsc#1177950). ----------------------------------------- Patch: SUSE-2020-3420 Released: Thu Nov 19 13:40:55 2020 Summary: Recommended update for multipath-tools Severity: moderate References: 1162896,1178354 Description: This update for multipath-tools fixes the following issues: - Avoid reading files extensions other than '.conf' from config dir. (bsc#1162896) - Fix wrong usage of '%service_del_preun -n' macro in spec file. (bsc#1178354) ----------------------------------------- Version 1.0.12-OpenStack-Build1.3 2020-11-21T08:01:55 ----------------------------------------- Patch: SUSE-2020-3461 Released: Fri Nov 20 13:09:07 2020 Summary: Recommended update for bind Severity: low References: 1177983 Description: This update for bind fixes the following issue: - Build the 'Administrator Reference Manual' which is built using python3-Sphinx (bsc#1177983) ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Version 1.0.12-OpenStack-Build1.8 2020-11-25T08:01:54 ----------------------------------------- Patch: SUSE-2020-3478 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Severity: moderate References: 1178882,CVE-2020-8277 Description: This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------- Patch: SUSE-2020-3481 Released: Mon Nov 23 11:17:09 2020 Summary: Optional update for vim Severity: low References: 1166602,1173256,1174564,1176549 Description: This update for vim doesn't fix any user visible issues and it is optional to install. - Introduce vim-small package with reduced requirements for small installations (bsc#1166602). - Stop owning /etc/vimrc so the old, distro provided config actually gets removed. - Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256) - Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549) ----------------------------------------- Patch: SUSE-2020-3498 Released: Tue Nov 24 13:07:16 2020 Summary: Recommended update for dracut Severity: moderate References: 1164076,1177811,1178217 Description: This update for dracut fixes the following issues: - Update from version 049.1+suse.156.g7d852636 to version 049.1+suse.171.g65b2addf: - dracut.sh: FIPS workaround for openssl-libs (bsc#1178217) - 01fips: turn info calls into fips_info calls (bsc#1164076) - 00systemd: add missing cryptsetup-related targets (bsc#1177811) ----------------------------------------- Version 1.0.12-OpenStack-Build1.9 2020-11-26T08:01:34 ----------------------------------------- Patch: SUSE-2020-3517 Released: Wed Nov 25 13:36:40 2020 Summary: Recommended update for cpupower Severity: moderate References: 1177394 Description: This update for cpupower fixes the following issue: - Add AMD Family 19h support. (bsc#1177394) Family 19h processors have the same RAPL (Running average power limit) hardware register interface as Family 17h processors. Change the family checks to succeed for Family 17h and above to enable core and package energy measurement on Family 19h machines. ----------------------------------------- Version 1.0.12-OpenStack-Build1.10 2020-11-27T07:58:43 ----------------------------------------- Patch: SUSE-2020-3534 Released: Thu Nov 26 15:12:41 2020 Summary: Recommended update for kdump Severity: important References: 1173914,1177196 Description: This update for kdump fixes the following issues: - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------- Patch: SUSE-2020-3540 Released: Thu Nov 26 15:57:16 2020 Summary: Recommended update for wicked Severity: moderate References: 1168155,1171234,1172082,1174099,959556 Description: This update for wicked fixes the following issues: - Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099) - Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770) - Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082) - Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234) - Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556) ----------------------------------------- Version 1.0.12-OpenStack-Build1.11 2020-12-01T07:58:47 ----------------------------------------- Patch: SUSE-2020-3566 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Severity: important References: 1176262,CVE-2019-20916 Description: This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3570 Released: Mon Nov 30 17:14:35 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1178288 Description: This update for rsyslog fixes the following issue: - Fix location and naming of journald dropin. (bsc#1178288) ----------------------------------------- Version 1.0.12-OpenStack-Build1.12 2020-12-02T07:57:54 ----------------------------------------- Patch: SUSE-2020-3581 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1178376 Description: This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------- Version 1.0.12-OpenStack-Build1.14 2020-12-03T07:58:55 ----------------------------------------- Patch: SUSE-2020-3592 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Severity: moderate References: 1178168,CVE-2020-25659 Description: This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------- Patch: SUSE-2020-3593 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Severity: important References: 1176262,1179193,CVE-2019-20916 Description: This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3608 Released: Wed Dec 2 18:16:12 2020 Summary: Recommended update for cloud-init Severity: important References: 1177526,1179150,1179151 Description: This update for cloud-init contains the following fixes: - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped. ----------------------------------------- Version 1.0.12-OpenStack-Build1.16 2020-12-04T08:50:12 ----------------------------------------- Patch: SUSE-2020-3615 Released: Thu Dec 3 10:02:02 2020 Summary: Security update for xen Severity: important References: 1177409,1177412,1177413,1177414,1178591,1178963,CVE-2020-27670,CVE-2020-27671,CVE-2020-27672,CVE-2020-27674,CVE-2020-28368 Description: This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) ----------------------------------------- Patch: SUSE-2020-3616 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Severity: moderate References: 1178882 Description: - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Version 1.0.12-OpenStack-Build1.17 2020-12-06T08:12:14 ----------------------------------------- Patch: SUSE-2020-3626 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Severity: moderate References: 1179515 Description: This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------- Version 1.0.12-OpenStack-Build1.19 2020-12-08T07:40:32 ----------------------------------------- Patch: SUSE-2020-3703 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1179431 Description: This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------- Version 1.0.12-OpenStack-Build1.20 2020-12-09T18:06:15 ----------------------------------------- Patch: SUSE-2020-3721 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Severity: important References: 1179491,CVE-2020-1971 Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------- Patch: SUSE-2020-3723 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Severity: moderate References: 1177120,CVE-2020-26137 Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------- Version 1.0.12-OpenStack-Build1.21 2020-12-10T07:41:00 ----------------------------------------- Patch: SUSE-2020-3735 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------- Patch: SUSE-2020-3736 Released: Wed Dec 9 18:19:58 2020 Summary: Security update for openssh Severity: moderate References: 1173513,CVE-2020-14145 Description: This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). ----------------------------------------- Version 1.0.15-OpenStack-Build1.2 2020-12-11T12:33:20 ----------------------------------------- Patch: SUSE-2020-3748 Released: Thu Dec 10 14:04:28 2020 Summary: Security update for the Linux Kernel Severity: important References: 1149032,1152489,1153274,1154353,1155518,1160634,1166146,1166166,1167030,1167773,1170139,1171073,1171558,1172873,1173504,1174852,1175306,1175918,1176109,1176180,1176200,1176481,1176586,1176855,1176983,1177066,1177070,1177353,1177397,1177577,1177666,1177703,1177820,1178123,1178182,1178227,1178286,1178304,1178330,1178393,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178635,1178653,1178659,1178661,1178669,1178686,1178740,1178755,1178762,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179211,1179217,1179225,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179442,1179550,CVE-2020-15436,CVE-2020-15437,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-27777,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29371,CVE-2020-4788 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107) - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721). - CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: define to_clk_regmap() as inline function (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419) - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process. - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kABI workaround for HD-audio (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - reboot: fix overflow parsing reboot cpu number (git-fixes). - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes). - Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger - - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: gadget: goku_udc: fix potential crashes in probe (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: prohibit fs freezing when using empty transactions (bsc#1179442). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). kernel-default-base fixes the following issues: - Add wireguard kernel module (bsc#1179225) - Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577) ----------------------------------------- Patch: SUSE-2020-3756 Released: Fri Dec 11 09:12:36 2020 Summary: Recommended update for hwinfo Severity: moderate References: 1177261,1177600 Description: This update for hwinfo fixes the following issues: - Fixed an issue where the DPAA2 network did not come up (bsc#1177600, bsc#1177261) ----------------------------------------- Version 1.0.15-OpenStack-Build1.5 2020-12-15T07:41:19 ----------------------------------------- Patch: SUSE-2020-3791 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Severity: moderate References: Description: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------- Version 1.0.15-OpenStack-Build1.6 2020-12-16T07:40:20 ----------------------------------------- Patch: SUSE-2020-3809 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Severity: moderate References: 1178346 Description: This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------- Version 1.0.15-OpenStack-Build1.7 2020-12-17T07:41:10 ----------------------------------------- Patch: SUSE-2020-3853 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 Description: This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942) ----------------------------------------- Version 1.0.15-OpenStack-Build1.11 2020-12-23T07:41:30 ----------------------------------------- Patch: SUSE-2020-3915 Released: Tue Dec 22 14:16:27 2020 Summary: Security update for xen Severity: moderate References: 1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571 Description: This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) ----------------------------------------- Patch: SUSE-2020-3923 Released: Tue Dec 22 15:22:42 2020 Summary: Recommended update for kexec-tools Severity: moderate References: 1174508,1176606 Description: This update for kexec-tools fixes the following issues: - Xen 4.7 introduced _soft-reset_ for HVM domUs. (bsc#1176606, bsc#1174508) This host feature removes the requirement to _un-ballon_ the `domU` prior `kexec`. With Xen 4.13 _cpuid faulting_ became the default, which affects the approach used before to detect the _domU_ type. As a result, invoking kexec in _dom0_ failed. ----------------------------------------- Version 1.0.15-OpenStack-Build1.12 2020-12-30T07:39:39 ----------------------------------------- Patch: SUSE-2020-3930 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 Description: This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2020-3943 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Severity: moderate References: 1178823 Description: This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------- Patch: SUSE-2020-3946 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Severity: important References: 1180377 Description: This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------- Version 1.0.15-OpenStack-Build1.15 2021-01-05T07:40:55 ----------------------------------------- Patch: SUSE-2021-6 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 Description: This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------- Patch: SUSE-2021-10 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Severity: moderate References: 1174257 Description: This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------- Version 1.0.17-OpenStack-Build1.3 2021-01-13T07:42:42 ----------------------------------------- Patch: SUSE-2021-73 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Severity: low References: Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------- Version 1.0.17-OpenStack-Build1.5 2021-01-14T07:42:46 ----------------------------------------- Patch: SUSE-2021-109 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 Description: This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------- Patch: SUSE-2021-117 Released: Thu Jan 14 06:14:36 2021 Summary: Security update for the Linux Kernel Severity: moderate References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656). - CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435). - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601). The following non-security bugs were fixed: - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610). - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes). - ALSA: core: memalloc: add page alignment for iram (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes). - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes). - ALSA: hda/proc - print DP-MST connections (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove 'default m' (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: sun4i-ss - add the A33 variant of SS (git-fixes). - crypto: talitos - Endianess in current_desc_hdr() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489) - drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes - drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472) - drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes - drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes - drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver - drm/imx: tve remove extraneous type qualifier (bsc#1152489) - drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472) - drm/mediatek: Add missing put_device() call in (bsc#1152472) - drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout - drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489) - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes - drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489) - drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes - drm/radeon: Prefer lower feedback dividers (bsc#1152489) - drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489) - drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489) - drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes - drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes - drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes - drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes - drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes - drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489) - drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes - drm: rcar-du: Put reference to VSP device (bsc#1152489) - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763). - EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489). - EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethtool: fix error handling in ethtool_phys_id (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fail_function: Remove a redundant mutex unlock (bsc#1149032). - fbcon: Remove the superfluous break (bsc#1152472) - firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - fs/minix: check return value of sb_getblk() (bsc#1179676). - fs/minix: do not allow getting deleted inodes (bsc#1179677). - fs/minix: fix block limit check for V1 filesystems (bsc#1179680). - fs/minix: reject too-large maximum file size (bsc#1179678). - fs/minix: remove expected error message in block_to_path() (bsc#1179681). - fs/minix: set s_maxbytes correctly (bsc#1179679). - fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes). - geneve: pull IP header before ECN decapsulation (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpio: mvebu: update Armada XP per-CPU comment (git-fixes). - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes). - HID: Add Logitech Dinovo Edge battery quirk (git-fixes). - HID: add support for Sega Saturn (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: i2c-hid: add Vero K147 to descriptor override (git-fixes). - HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes). - HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes). - HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes). - HMAT: Register memory-side cache after parsing (bsc#1178660). - HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - IB/isert: Fix unaligned immediate-data handling (bsc#1152489) - IB/mlx4: Add and improve logging (bsc#1152489) - IB/mlx4: Add support for MRA (bsc#1152489) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489) - IB/rdmavt: Fix sizeof mismatch (bsc#1152489) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489) - IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes). - iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - iomap: Clear page error before beginning a write (bsc#1179683). - iomap: Mark read blocks uptodate in write_begin (bsc#1179684). - iomap: Set all uptodate bits for an Uptodate page (bsc#1179685). - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: hook up missing RX handlers (git-fixes). - iwlwifi: pcie: add one missing entry for AX210 (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - jbd2: fix up sparse warnings in checkpoint code (bsc#1179707). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for USB audio driver (bsc#1178203). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395). - lan743x: fix for potential NULL pointer dereference with bare card (git-fixes). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - media: gspca: Fix memory leak in probe (git-fixes). - media: imx214: Fix stop streaming (git-fixes). - media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes). - media: ipu3-cio2: Remove traces of returned buffers (git-fixes). - media: ipu3-cio2: Return actual subdev format (git-fixes). - media: ipu3-cio2: Serialise access to pad format (git-fixes). - media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes). - media: max2175: fix max2175_set_csm_mode() error code (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: tm6000: Fix sizeof() mismatches (git-fixes). - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710). - mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610). - mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056). - mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes). - mmc: pxamci: Fix error return code in pxamci_probe (git-fixes). - mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes). - mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes). - mtd: rawnand: meson: Fix a resource leak in init (git-fixes). - mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes). - mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes). - mtd: spinand: Fix OOB read (git-fixes). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: sctp: Rename fallthrough label to unhandled (bsc#1178203). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nvme-fabrics: allow to queue requests for live queues (git-fixes). - nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519). - nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326). - nvme-fc: cancel async events before freeing event struct (git-fixes). - nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326). - nvme-fc: fix error loop in create_hw_io_queues (git-fixes). - nvme-fc: fix io timeout to abort I/O (bsc#1177326). - nvme-fc: remove err_work work item (bsc#1177326). - nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326). - nvme-fc: shorten reconnect delay if possible for FC (git-fixes). - nvme-fc: track error_recovery while connecting (bsc#1177326). - nvme-fc: wait for queues to freeze before calling (git-fixes). - nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes). - nvme-multipath: fix deadlock due to head->lock (git-fixes). - nvme-pci: properly print controller address (git-fixes). - nvme-rdma: avoid race between time out and tear down (bsc#1179519). - nvme-rdma: avoid repeated request completion (bsc#1179519). - nvme-rdma: cancel async events before freeing event struct (git-fixes). - nvme-rdma: fix controller reset hang during traffic (bsc#1179519). - nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-rdma: fix timeout handler (bsc#1179519). - nvme-rdma: handle unexpected nvme completion data length (bsc#1178612). - nvme-rdma: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: avoid race between time out and tear down (bsc#1179519). - nvme-tcp: avoid repeated request completion (bsc#1179519). - nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519). - nvme-tcp: break from io_work loop if recv failed (bsc#1179519). - nvme-tcp: cancel async events before freeing event struct (git-fixes). - nvme-tcp: do not poll a non-live queue (bsc#1179519). - nvme-tcp: fix controller reset hang during traffic (bsc#1179519). - nvme-tcp: fix possible crash in recv error flow (bsc#1179519). - nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: brcmstb: Initialize 'tmp' before use (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). - powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). - samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). - watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). ----------------------------------------- Version 1.0.18-OpenStack-Build1.1 2021-01-15T11:43:25 ----------------------------------------- Patch: SUSE-2021-127 Released: Thu Jan 14 10:30:23 2021 Summary: Security update for open-iscsi Severity: important References: 1179440,1179908 Description: This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req() * open-iscsi: Fix invalid pointer deference in find_initiator() * iscsiuio: Fix invalid parameter when call fstat() * iscsi-iname: Verify open() return value before calling read() * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface - Updatged to latest upstream, including: * iscsiadm: Optimize the the verification of mode paramters * iscsid: Poll timeout value to 1 minute for iscsid * iscsiadm: fix host stats mode coredump * iscsid: fix logging level when starting and shutting down daemon * Updated iscsiadm man page. * Fix memory leak in sysfs_get_str * libopeniscsiusr: Compare with max int instead of max long - Systemd unit files should not depend on network.target (bsc#1179440). - Updated to latest upstream, including async login ability: * Implement login 'no_wait' for iscsiadm NODE mode * iscsiadm buffer overflow regression when discovering many targets at once * iscsid: Check Invalid Session id for stop connection * Add ability to attempt target logins asynchronously - %service_del_postun_without_restart is now available on SLE More accurately it's been introduced in SLE12-SP2+ and SLE15+ ----------------------------------------- Patch: SUSE-2021-129 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------- Version 1.0.18-OpenStack-Build1.2 2021-01-16T07:40:32 ----------------------------------------- Patch: SUSE-2021-152 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Severity: moderate References: 1179691,1179738 Description: This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------- Version 1.0.18-OpenStack-Build1.7 2021-01-23T09:27:52 ----------------------------------------- Patch: SUSE-2021-169 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1179816,1180077,1180663,1180721 Description: This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------- Patch: SUSE-2021-174 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Severity: moderate References: 1172695 Description: This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------- Patch: SUSE-2021-179 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------- Patch: SUSE-2021-197 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Severity: moderate References: 1171883,CVE-2020-8025 Description: This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------- Version 1.0.18-OpenStack-Build1.11 2021-01-27T07:39:55 ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-227 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------- Version 1.0.18-OpenStack-Build1.12 2021-01-28T07:39:37 ----------------------------------------- Patch: SUSE-2021-233 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 Description: This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Version 1.0.18-OpenStack-Build1.13 2021-01-29T07:41:39 ----------------------------------------- Patch: SUSE-2021-239 Released: Fri Jan 29 06:49:13 2021 Summary: Recommended update for btrfsprogs Severity: moderate References: 1174206 Description: This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) ----------------------------------------- Version 1.0.18-OpenStack-Build1.16 2021-02-02T07:40:18 ----------------------------------------- Patch: SUSE-2021-264 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Severity: important References: 1142248,1177870,1180119 Description: This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boo't support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. ----------------------------------------- Patch: SUSE-2021-265 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Severity: important References: 1178775,1180885 Description: This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------- Version 1.0.18-OpenStack-Build1.19 2021-02-03T07:40:18 ----------------------------------------- Patch: SUSE-2021-278 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Severity: moderate References: 1181319 Description: This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------- Patch: SUSE-2021-285 Released: Tue Feb 2 13:08:54 2021 Summary: Security update for cups Severity: moderate References: 1170671,1180520,CVE-2019-8842,CVE-2020-10001 Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). ----------------------------------------- Version 1.0.18-OpenStack-Build1.22 2021-02-04T07:39:31 ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Version 1.0.18-OpenStack-Build1.24 2021-02-05T07:40:09 ----------------------------------------- Patch: SUSE-2021-301 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------- Patch: SUSE-2021-302 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Severity: important References: 1179691 Description: This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------- Version 1.0.18-OpenStack-Build1.26 2021-02-09T07:40:23 ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Version 1.0.18-OpenStack-Build1.28 2021-02-10T07:40:12 ----------------------------------------- Patch: SUSE-2021-354 Released: Tue Feb 9 16:38:54 2021 Summary: Security update for the Linux Kernel Severity: important References: 1065600,1149032,1152472,1152489,1153274,1154353,1155518,1163930,1165545,1167773,1172355,1175389,1176395,1176831,1176846,1178142,1178631,1179142,1179396,1179508,1179509,1179567,1179572,1179575,1179878,1180008,1180130,1180264,1180412,1180759,1180765,1180773,1180809,1180812,1180848,1180859,1180889,1180891,1180971,1181014,1181018,1181077,1181104,1181148,1181158,1181161,1181169,1181203,1181217,1181218,1181219,1181220,1181237,1181318,1181335,1181346,1181349,1181425,1181494,1181504,1181511,1181538,1181553,1181584,1181645,CVE-2020-25211,CVE-2020-25639,CVE-2020-27835,CVE-2020-29568,CVE-2020-29569,CVE-2021-0342,CVE-2021-20177,CVE-2021-3347,CVE-2021-3348 Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504). - CVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765). - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. (bnc#1180812) - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). The following non-security bugs were fixed: - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes). - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI (git-fixes). - ACPI: scan: Harden acpi_device_add() against device ID overflows (git-fixes). - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error (git-fixes). - ACPI: sysfs: Prefer 'compatible' modalias (git-fixes). - ALSA: doc: Fix reference to mixart.rst (git-fixes). - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes). - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() (git-fixes). - ALSA: hda: Add Cometlake-R PCI ID (git-fixes). - ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes). - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for more HP laptops (git-fixes). - ALSA: hda/realtek: Add two 'Intel Reference board' SSID in the ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256 (git-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook 850 G7 (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 (git-fixes). - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T (git-fixes). - ALSA: hda/realtek - Modify Dell platform name (git-fixes). - ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658 (git-fixes). - ALSA: hda/realtek - Supported Dell fixed type headset (git-fixes). - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes). - ALSA: hda/via: Add minimum mute flag (git-fixes). - ALSA: hda/via: Apply the workaround generically for Clevo machines (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014). - ALSA: pcm: One more dependency for hw constraints (bsc#1181014). - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info() (git-fixes). - ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes). - ALSA: usb-audio: Add quirk for RC-505 (git-fixes). - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync (bsc#1181014). - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes). - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices (bsc#1181014). - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes). - ALSA: usb-audio: Choose audioformat of a counter-part substream (git-fixes). - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014). - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices (git-fixes). - ALSA: usb-audio: Fix the missing endpoints creations for quirks (git-fixes). - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints (bsc#1181014). - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes). - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1 (bsc#1181014). - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback (bsc#1152489). - arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA (git-fixes). - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (bsc#1180130). - arm64: pgtable: Fix pte_accessible() (bsc#1180130). - ASoC: ak4458: correct reset polarity (git-fixes). - ASoC: dapm: remove widget from dirty list on free (git-fixes). - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes). - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes). - bitmap: remove unused function declaration (git-fixes). - Bluetooth: hci_h5: close serdev device and free hu in h5_close (git-fixes). - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close (git-fixes). - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274). - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518). - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback (bsc#1155518). - btrfs: fix missing delalloc new bit for new delalloc ranges (bsc#1180773). - btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773). - btrfs: make btrfs_set_extent_delalloc take btrfs_inode (bsc#1180773). - btrfs: send: fix invalid clone operations when cloning from the same file and root (bsc#1181511). - btrfs: send: fix wrong file path when there is an inode with a pending rmdir (bsc#1181237). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - cachefiles: Drop superfluous readpages aops NULL check (git-fixes). - can: dev: prevent potential information leak in can_fill_info() (git-fixes). - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes). - CDC-NCM: remove 'connected' log message (git-fixes). - clk: tegra30: Add hda clock default rates to clock driver (git-fixes). - crypto: asym_tpm: correct zero out potential secrets (git-fixes). - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() (git-fixes). - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() (git-fixes). - dmaengine: at_hdmac: Substitute kzalloc with kmalloc (git-fixes). - dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk() (git-fixes). - dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the error handling path of the probe function (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe() (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - drivers/base/memory.c: indicate all memory blocks as removable (bsc#1180264). - drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling (bsc#1180848). - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf: - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes). - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes). - drm/amd/display: Avoid MST manager resource leak (git-fixes). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: dchubbub p-state warning during surface planes switch (git-fixes). - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes). - drm/amd/display: Free gamma after calculating legacy transfer function (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amd/display: Increase timeout for DP Disable (git-fixes). - drm/amd/display: Reject overlay plane configurations in multi-display scenarios (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amd/display: Retry AUX write when fail occurs (git-fixes). - drm/amd/display: Stop if retimer is not available (git-fixes). - drm/amd/display: update nv1x stutter latencies (git-fixes). - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes). - drm/amdgpu: correct the gpu reset handling for job != NULL case (git-fixes). - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes). - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes). - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix leak in dmabuf import (git-fixes). - drm/amdkfd: fix restore worker race condition (git-fixes). - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes). - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting (git-fixes). - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472) - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes). - drm/atomic: put state on error path (git-fixes). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472) - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/etnaviv: always start/stop scheduler in timeout processing (git-fixes). - drm/exynos: dsi: Remove bridge node reference in error handling path in probe function (git-fixes). - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting notes: * context changes - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (git-fixes). - drm/i915: Avoid memory leak with more than 16 workarounds on a list (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Check for all subplatform bits (git-fixes). - drm/i915: clear the gpu reloc batch (git-fixes). - drm/i915: Correctly set SFC capability for video engines (bsc#1152489) Backporting notes: * context changes - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (git-fixes). - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes). - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence (git-fixes). - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes). - drm/i915: Fix mismatch between misplaced vma check and vma insert (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes). - drm/i915/gt: Delay execlist processing for tgl (git-fixes). - drm/i915/gt: Free stale request on destroying the virtual engine (git-fixes). - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes). - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes). - drm/i915/gvt: return error when failing to take the module reference (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/i915: Handle max_bpc==16 (git-fixes). - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes). - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472) - drm/mcde: Fix handling of platform_get_irq() error (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm/a6xx: fix a potential overflow issue (git-fixes). - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dpu: Fix scale params in plane validation (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes). - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields (git-fixes). - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/nouveau/mmu: fix vram heap sizing (git-fixes). - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes). - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes). - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes). - drm/omap: fix incorrect lock state (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/panfrost: add amlogic reset quirk callback (git-fixes). - drm: rcar-du: Set primary plane zpos immutably at initializing (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472) - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - drm/scheduler: Avoid accessing freed bad job (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472) - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes). - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes). - drm/sun4i: frontend: Rework a bit the phase data (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/syncobj: Fix use-after-free (git-fixes). - drm/tegra: replace idr_init() by idr_init_base() (git-fixes). - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472) - drm/tve200: Fix handling of platform_get_irq() error (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - e1000e: bump up timeout to wait when ME un-configures ULP mode (jsc#SLE-8100). - EDAC/amd64: Fix PCI component registration (bsc#1152489). - ehci: fix EHCI host controller initialization sequence (git-fixes). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - Exclude Symbols.list again. Removing the exclude builds vanilla/linux-next builds. Fixes: 55877625c800 ('kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.') - firmware: imx: select SOC_BUS to fix firmware build (git-fixes). - floppy: reintroduce O_NDELAY fix (boo#1181018). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Remove needless goto's (bsc#1149032). - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes). - HID: logitech-dj: add the G602 receiver (git-fixes). - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices (git-fixes). - HID: multitouch: do not filter mice nodes (git-fixes). - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device (git-fixes). - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes). - HID: wacom: Constify attribute_groups (git-fixes). - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes). - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes). - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes). - hwmon: (pwm-fan) Ensure that calculation does not discard big period values (git-fixes). - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes). - i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly terminated (git-fixes). - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: sprd: use a specific timeout to avoid system hang up issue (git-fixes). - i3c master: fix missing destroy_workqueue() on error in i3c_master_register (git-fixes). - IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878). - IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878). - ice: avoid premature Rx buffer reuse (jsc#SLE-7926). - ice, xsk: clear the status bits for the next_to_use descriptor (jsc#SLE-7926). - iio: ad5504: Fix setting power-down state (git-fixes). - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217). - ionic: account for vlan tag len in rx buffer len (bsc#1167773). - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes). - kdb: Fix pager search for multi-line strings (git-fixes). - kgdb: Drop malformed kernel doc comment (git-fixes). - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git fixes (kernel/kprobe)). - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218). - KVM: s390: pv: Mark mm as protected after the set secure parameters and improve cleanup (jsc#SLE-7512 bsc#1165545). - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809). - leds: trigger: fix potential deadlock with libata (git-fixes). - lib/genalloc: fix the overflow when size is too big (git-fixes). - lib/string: remove unnecessary #undefs (git-fixes). - lockd: do not use interval-based rebinding over TCP (for-next). - mac80211: check if atf has been disabled in __ieee80211_schedule_txq (git-fixes). - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes). - md: fix a warning caused by a race between concurrent md_ioctl()s (for-next). - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init() (bsc#1181104). - media: dvb-usb: Fix use-after-free access (bsc#1181104). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: rc: ensure that uevent can be read directly after rc device register (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - misdn: dsp: select CONFIG_BITREVERSE (git-fixes). - mmc: core: do not initialize block size from ext_csd if not present (git-fixes). - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes). - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584). - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)). - module: delay kobject uevent until after module init call (bsc#1178631). - mt7601u: fix kernel crash unplugging the device (git-fixes). - mt7601u: fix rx buffer refcounting (git-fixes). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567 LTC#190111). - net/af_iucv: set correct sk_protocol for child sockets (git-fixes). - net: fix proc_fs init handling in af_packet and tls (bsc#1154353). - net: hns3: fix a phy loopback fail issue (bsc#1154353). - net: hns3: remove a misused pragma packed (bsc#1154353). - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464). - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes). - net/smc: cancel event worker during device removal (git-fixes). - net/smc: check for valid ib_client_data (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs' (for-next). - net: sunrpc: interpret the return value of kstrtou32 correctly (for-next). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock (for-next). - nfs_common: need lock during iterate through the list (for-next). - nfsd4: readdirplus shouldn't return parent of export (git-fixes). - nfsd: Fix message level for normal termination (for-next). - NFS: nfs_delegation_find_inode_server must first reference the superblock (for-next). - NFS: nfs_igrab_and_active must first reference the superblock (for-next). - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next). - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next). - NFS: switch nfsiod to be an UNBOUND workqueue (for-next). - NFSv4.2: condition READDIR's mask for security label based on LSM state (for-next). - NFSv4: Fix the alignment of page data in the getdeviceinfo reply (for-next). - nvme-multipath: fix bogus request queue reference put (bsc#1175389). - nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout (bsc#1181161). - nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout (bsc#1181161). - platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634 (git-fixes). - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list (git-fixes). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some HP x360 models (git-fixes). - PM: hibernate: flush swap writer after marking (git-fixes). - pNFS: Mark layout for return if return-on-close was not sent (git-fixes). - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702). - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148 ltc#190702). - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148 ltc#190702). - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148 ltc#190702). - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148 ltc#190702). - power: vexpress: add suppress_bind_attrs to true (git-fixes). - prom_init: enable verbose prints (bsc#1178142 bsc#1180759). - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() (bsc#1163930). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930). - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes). - r8169: work around power-saving bug on some chip versions (git-fixes). - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev (git-fixes). - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() (git-fixes). - Revive usb-audio Keep Interface mixer (bsc#1181014). - rtc: pl031: fix resource leak in pl031_probe (git-fixes). - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1181169 LTC#190914). - s390/dasd: fix list corruption of lcu list (git-fixes). - s390/dasd: fix list corruption of pavgroup group list (git-fixes). - s390/dasd: prevent inconsistent LCU device data (git-fixes). - s390/kexec_file: fix diag308 subcode when loading crash kernel (git-fixes). - s390/qeth: consolidate online/offline code (git-fixes). - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path (git-fixes). - s390/qeth: fix deadlock during recovery (git-fixes). - s390/qeth: fix L2 header access in qeth_l3_osa_features_check() (git-fixes). - s390/qeth: fix locking for discipline setup / removal (git-fixes). - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes). - sched/fair: Check for idle core in wake_affine (git fixes (sched)). - scsi: ibmvfc: Set default timeout to avoid crash during migration (bsc#1181425 ltc#188252). - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability (bsc#1180891). - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3 (bsc#1180891). - scsi: lpfc: Fix crash when a fabric node is released prematurely (bsc#1180891). - scsi: lpfc: Fix crash when nvmet transport calls host_release (bsc#1180891). - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt (bsc#1180891). - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891). - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891). - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891). - scsi: lpfc: Fix target reset failing (bsc#1180891). - scsi: lpfc: Fix vport create logging (bsc#1180891). - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891). - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp framework (bsc#1180891). - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue state (bsc#1180891). - scsi: lpfc: Simplify bool comparison (bsc#1180891). - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891). - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests (bsc#1180891). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1179142). - scsi: scsi_transport_srp: Do not block target in failfast state (bsc#1172355). - selftests/ftrace: Select an existing function in kprobe_eventname test (bsc#1179396 ltc#185738). - selftests: net: fib_tests: remove duplicate log test (git-fixes). - selftests/powerpc: Add a test of bad (out-of-range) accesses (bsc#1181158 ltc#190851). - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158 ltc#190851). - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851). - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158 ltc#190851). - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158 ltc#190851). - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412 ltc#190579). - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158 ltc#190851). - serial: mvebu-uart: fix tx lost characters at power off (git-fixes). - spi: cadence: cache reference clock rate during probe (git-fixes). - spi: stm32: FIFO threshold level - fix align packet size (git-fixes). - staging: mt7621-dma: Fix a resource leak in an error handling path (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() (for-next). - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next). - SUNRPC: rpc_wake_up() should wake up tasks in the correct order (for-next). - swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes). - swiotlb: using SIZE_MAX needs limits.h included (git-fixes). - timers: Preserve higher bits of expiration on index calculation (bsc#1181318). - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318). - udp: Prevent reuseport_select_sock from reading uninitialized socks (git-fixes). - USB: cdc-acm: blacklist another IR Droid device (git-fixes). - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt() (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: dwc3: Update soft-reset wait polling rate (git-fixes). - USB: ehci: fix an interrupt calltrace error (git-fixes). - usb: gadget: aspeed: fix stop dma register setting (git-fixes). - usb: gadget: configfs: Fix use-after-free issue with udc_name (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: enable super speed plus (git-fixes). - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: function: printer: Fix a memory leak for interface descriptor (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: option: add LongSung M5710 module support (git-fixes). - USB: serial: option: add Quectel EM160R-GL (git-fixes). - usb: typec: Fix copy paste error for NVIDIA alt-mode description (git-fixes). - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes). - usb: udc: core: Use lock when write to soft_connect (git-fixes). - usb: usbip: vhci_hcd: protect shift size (git-fixes). - USB: usblp: fix DMA to stack (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1181219). - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220). - video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() (git-fixes). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1152489). - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (bsc#1181077). - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - x86/kprobes: Restore BTF if the single-stepping is cancelled (bsc#1152489). - x86/mm: Fix leak of pmd ptlock (bsc#1152489). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1152489). - x86/resctrl: Do not move a task to the same resource group (bsc#1152489). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1152489). - x86/topology: Make __max_die_per_package available unconditionally (bsc#1152489). - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335). - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346). - xen/privcmd: allow fetching resource sizes (bsc#1065600). - xfs: show the proper user quota options (bsc#1181538). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xhci: make sure TRB is fully written before giving it to the controller (git-fixes). - xhci: tegra: Delay for disabling LFPS detector (git-fixes).