From sle-security-updates at lists.suse.com Tue Oct 1 10:13:52 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 1 Oct 2019 18:13:52 +0200 (CEST) Subject: SUSE-SU-2019:14184-1: moderate: Security update for jasper Message-ID: <20191001161352.38D23F7BE@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14184-1 Rating: moderate References: #1010783 #1087020 #1117505 #1117507 #1117508 #1117511 Cross-References: CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 CVE-2018-9055 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2018-9055: Fixed a denial of service in jpc_firstone (bsc#1087020). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jasper-14184=1 Package List: - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): jasper-debuginfo-1.900.14-134.33.10.1 jasper-debugsource-1.900.14-134.33.10.1 References: https://www.suse.com/security/cve/CVE-2016-9396.html https://www.suse.com/security/cve/CVE-2018-19539.html https://www.suse.com/security/cve/CVE-2018-19540.html https://www.suse.com/security/cve/CVE-2018-19541.html https://www.suse.com/security/cve/CVE-2018-19542.html https://www.suse.com/security/cve/CVE-2018-9055.html https://bugzilla.suse.com/1010783 https://bugzilla.suse.com/1087020 https://bugzilla.suse.com/1117505 https://bugzilla.suse.com/1117507 https://bugzilla.suse.com/1117508 https://bugzilla.suse.com/1117511 From sle-security-updates at lists.suse.com Tue Oct 1 10:16:10 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 1 Oct 2019 18:16:10 +0200 (CEST) Subject: SUSE-SU-2019:2503-1: important: Security update for php7 Message-ID: <20191001161610.E42F6F7BE@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2503-1 Rating: important References: #1145095 #1146360 #1151793 Cross-References: CVE-2019-11041 CVE-2019-11042 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Non-security issue fixed: - Drop -n from php invocation from pecl (bsc#1151793). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2503=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2503=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2503=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2503=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2503=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.40.1 apache2-mod_php7-debuginfo-7.2.5-4.40.1 php7-7.2.5-4.40.1 php7-bcmath-7.2.5-4.40.1 php7-bcmath-debuginfo-7.2.5-4.40.1 php7-bz2-7.2.5-4.40.1 php7-bz2-debuginfo-7.2.5-4.40.1 php7-calendar-7.2.5-4.40.1 php7-calendar-debuginfo-7.2.5-4.40.1 php7-ctype-7.2.5-4.40.1 php7-ctype-debuginfo-7.2.5-4.40.1 php7-curl-7.2.5-4.40.1 php7-curl-debuginfo-7.2.5-4.40.1 php7-dba-7.2.5-4.40.1 php7-dba-debuginfo-7.2.5-4.40.1 php7-debuginfo-7.2.5-4.40.1 php7-debugsource-7.2.5-4.40.1 php7-devel-7.2.5-4.40.1 php7-dom-7.2.5-4.40.1 php7-dom-debuginfo-7.2.5-4.40.1 php7-enchant-7.2.5-4.40.1 php7-enchant-debuginfo-7.2.5-4.40.1 php7-exif-7.2.5-4.40.1 php7-exif-debuginfo-7.2.5-4.40.1 php7-fastcgi-7.2.5-4.40.1 php7-fastcgi-debuginfo-7.2.5-4.40.1 php7-fileinfo-7.2.5-4.40.1 php7-fileinfo-debuginfo-7.2.5-4.40.1 php7-fpm-7.2.5-4.40.1 php7-fpm-debuginfo-7.2.5-4.40.1 php7-ftp-7.2.5-4.40.1 php7-ftp-debuginfo-7.2.5-4.40.1 php7-gd-7.2.5-4.40.1 php7-gd-debuginfo-7.2.5-4.40.1 php7-gettext-7.2.5-4.40.1 php7-gettext-debuginfo-7.2.5-4.40.1 php7-gmp-7.2.5-4.40.1 php7-gmp-debuginfo-7.2.5-4.40.1 php7-iconv-7.2.5-4.40.1 php7-iconv-debuginfo-7.2.5-4.40.1 php7-intl-7.2.5-4.40.1 php7-intl-debuginfo-7.2.5-4.40.1 php7-json-7.2.5-4.40.1 php7-json-debuginfo-7.2.5-4.40.1 php7-ldap-7.2.5-4.40.1 php7-ldap-debuginfo-7.2.5-4.40.1 php7-mbstring-7.2.5-4.40.1 php7-mbstring-debuginfo-7.2.5-4.40.1 php7-mysql-7.2.5-4.40.1 php7-mysql-debuginfo-7.2.5-4.40.1 php7-odbc-7.2.5-4.40.1 php7-odbc-debuginfo-7.2.5-4.40.1 php7-opcache-7.2.5-4.40.1 php7-opcache-debuginfo-7.2.5-4.40.1 php7-openssl-7.2.5-4.40.1 php7-openssl-debuginfo-7.2.5-4.40.1 php7-pcntl-7.2.5-4.40.1 php7-pcntl-debuginfo-7.2.5-4.40.1 php7-pdo-7.2.5-4.40.1 php7-pdo-debuginfo-7.2.5-4.40.1 php7-pgsql-7.2.5-4.40.1 php7-pgsql-debuginfo-7.2.5-4.40.1 php7-phar-7.2.5-4.40.1 php7-phar-debuginfo-7.2.5-4.40.1 php7-posix-7.2.5-4.40.1 php7-posix-debuginfo-7.2.5-4.40.1 php7-shmop-7.2.5-4.40.1 php7-shmop-debuginfo-7.2.5-4.40.1 php7-snmp-7.2.5-4.40.1 php7-snmp-debuginfo-7.2.5-4.40.1 php7-soap-7.2.5-4.40.1 php7-soap-debuginfo-7.2.5-4.40.1 php7-sockets-7.2.5-4.40.1 php7-sockets-debuginfo-7.2.5-4.40.1 php7-sqlite-7.2.5-4.40.1 php7-sqlite-debuginfo-7.2.5-4.40.1 php7-sysvmsg-7.2.5-4.40.1 php7-sysvmsg-debuginfo-7.2.5-4.40.1 php7-sysvsem-7.2.5-4.40.1 php7-sysvsem-debuginfo-7.2.5-4.40.1 php7-sysvshm-7.2.5-4.40.1 php7-sysvshm-debuginfo-7.2.5-4.40.1 php7-tokenizer-7.2.5-4.40.1 php7-tokenizer-debuginfo-7.2.5-4.40.1 php7-wddx-7.2.5-4.40.1 php7-wddx-debuginfo-7.2.5-4.40.1 php7-xmlreader-7.2.5-4.40.1 php7-xmlreader-debuginfo-7.2.5-4.40.1 php7-xmlrpc-7.2.5-4.40.1 php7-xmlrpc-debuginfo-7.2.5-4.40.1 php7-xmlwriter-7.2.5-4.40.1 php7-xmlwriter-debuginfo-7.2.5-4.40.1 php7-xsl-7.2.5-4.40.1 php7-xsl-debuginfo-7.2.5-4.40.1 php7-zip-7.2.5-4.40.1 php7-zip-debuginfo-7.2.5-4.40.1 php7-zlib-7.2.5-4.40.1 php7-zlib-debuginfo-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.40.1 php7-pear-Archive_Tar-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.40.1 apache2-mod_php7-debuginfo-7.2.5-4.40.1 php7-7.2.5-4.40.1 php7-bcmath-7.2.5-4.40.1 php7-bcmath-debuginfo-7.2.5-4.40.1 php7-bz2-7.2.5-4.40.1 php7-bz2-debuginfo-7.2.5-4.40.1 php7-calendar-7.2.5-4.40.1 php7-calendar-debuginfo-7.2.5-4.40.1 php7-ctype-7.2.5-4.40.1 php7-ctype-debuginfo-7.2.5-4.40.1 php7-curl-7.2.5-4.40.1 php7-curl-debuginfo-7.2.5-4.40.1 php7-dba-7.2.5-4.40.1 php7-dba-debuginfo-7.2.5-4.40.1 php7-debuginfo-7.2.5-4.40.1 php7-debugsource-7.2.5-4.40.1 php7-devel-7.2.5-4.40.1 php7-dom-7.2.5-4.40.1 php7-dom-debuginfo-7.2.5-4.40.1 php7-enchant-7.2.5-4.40.1 php7-enchant-debuginfo-7.2.5-4.40.1 php7-exif-7.2.5-4.40.1 php7-exif-debuginfo-7.2.5-4.40.1 php7-fastcgi-7.2.5-4.40.1 php7-fastcgi-debuginfo-7.2.5-4.40.1 php7-fileinfo-7.2.5-4.40.1 php7-fileinfo-debuginfo-7.2.5-4.40.1 php7-fpm-7.2.5-4.40.1 php7-fpm-debuginfo-7.2.5-4.40.1 php7-ftp-7.2.5-4.40.1 php7-ftp-debuginfo-7.2.5-4.40.1 php7-gd-7.2.5-4.40.1 php7-gd-debuginfo-7.2.5-4.40.1 php7-gettext-7.2.5-4.40.1 php7-gettext-debuginfo-7.2.5-4.40.1 php7-gmp-7.2.5-4.40.1 php7-gmp-debuginfo-7.2.5-4.40.1 php7-iconv-7.2.5-4.40.1 php7-iconv-debuginfo-7.2.5-4.40.1 php7-intl-7.2.5-4.40.1 php7-intl-debuginfo-7.2.5-4.40.1 php7-json-7.2.5-4.40.1 php7-json-debuginfo-7.2.5-4.40.1 php7-ldap-7.2.5-4.40.1 php7-ldap-debuginfo-7.2.5-4.40.1 php7-mbstring-7.2.5-4.40.1 php7-mbstring-debuginfo-7.2.5-4.40.1 php7-mysql-7.2.5-4.40.1 php7-mysql-debuginfo-7.2.5-4.40.1 php7-odbc-7.2.5-4.40.1 php7-odbc-debuginfo-7.2.5-4.40.1 php7-opcache-7.2.5-4.40.1 php7-opcache-debuginfo-7.2.5-4.40.1 php7-openssl-7.2.5-4.40.1 php7-openssl-debuginfo-7.2.5-4.40.1 php7-pcntl-7.2.5-4.40.1 php7-pcntl-debuginfo-7.2.5-4.40.1 php7-pdo-7.2.5-4.40.1 php7-pdo-debuginfo-7.2.5-4.40.1 php7-pgsql-7.2.5-4.40.1 php7-pgsql-debuginfo-7.2.5-4.40.1 php7-phar-7.2.5-4.40.1 php7-phar-debuginfo-7.2.5-4.40.1 php7-posix-7.2.5-4.40.1 php7-posix-debuginfo-7.2.5-4.40.1 php7-shmop-7.2.5-4.40.1 php7-shmop-debuginfo-7.2.5-4.40.1 php7-snmp-7.2.5-4.40.1 php7-snmp-debuginfo-7.2.5-4.40.1 php7-soap-7.2.5-4.40.1 php7-soap-debuginfo-7.2.5-4.40.1 php7-sockets-7.2.5-4.40.1 php7-sockets-debuginfo-7.2.5-4.40.1 php7-sodium-7.2.5-4.40.1 php7-sodium-debuginfo-7.2.5-4.40.1 php7-sqlite-7.2.5-4.40.1 php7-sqlite-debuginfo-7.2.5-4.40.1 php7-sysvmsg-7.2.5-4.40.1 php7-sysvmsg-debuginfo-7.2.5-4.40.1 php7-sysvsem-7.2.5-4.40.1 php7-sysvsem-debuginfo-7.2.5-4.40.1 php7-sysvshm-7.2.5-4.40.1 php7-sysvshm-debuginfo-7.2.5-4.40.1 php7-tokenizer-7.2.5-4.40.1 php7-tokenizer-debuginfo-7.2.5-4.40.1 php7-wddx-7.2.5-4.40.1 php7-wddx-debuginfo-7.2.5-4.40.1 php7-xmlreader-7.2.5-4.40.1 php7-xmlreader-debuginfo-7.2.5-4.40.1 php7-xmlrpc-7.2.5-4.40.1 php7-xmlrpc-debuginfo-7.2.5-4.40.1 php7-xmlwriter-7.2.5-4.40.1 php7-xmlwriter-debuginfo-7.2.5-4.40.1 php7-xsl-7.2.5-4.40.1 php7-xsl-debuginfo-7.2.5-4.40.1 php7-zip-7.2.5-4.40.1 php7-zip-debuginfo-7.2.5-4.40.1 php7-zlib-7.2.5-4.40.1 php7-zlib-debuginfo-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.40.1 php7-pear-Archive_Tar-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.40.1 php7-debugsource-7.2.5-4.40.1 php7-embed-7.2.5-4.40.1 php7-embed-debuginfo-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.40.1 php7-debugsource-7.2.5-4.40.1 php7-embed-7.2.5-4.40.1 php7-embed-debuginfo-7.2.5-4.40.1 php7-readline-7.2.5-4.40.1 php7-readline-debuginfo-7.2.5-4.40.1 php7-sodium-7.2.5-4.40.1 php7-sodium-debuginfo-7.2.5-4.40.1 php7-tidy-7.2.5-4.40.1 php7-tidy-debuginfo-7.2.5-4.40.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.40.1 php7-debugsource-7.2.5-4.40.1 php7-embed-7.2.5-4.40.1 php7-embed-debuginfo-7.2.5-4.40.1 php7-readline-7.2.5-4.40.1 php7-readline-debuginfo-7.2.5-4.40.1 php7-sodium-7.2.5-4.40.1 php7-sodium-debuginfo-7.2.5-4.40.1 php7-tidy-7.2.5-4.40.1 php7-tidy-debuginfo-7.2.5-4.40.1 References: https://www.suse.com/security/cve/CVE-2019-11041.html https://www.suse.com/security/cve/CVE-2019-11042.html https://bugzilla.suse.com/1145095 https://bugzilla.suse.com/1146360 https://bugzilla.suse.com/1151793 From sle-security-updates at lists.suse.com Tue Oct 1 10:19:21 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 1 Oct 2019 18:19:21 +0200 (CEST) Subject: SUSE-SU-2019:2504-1: moderate: Security update for openssl-1_0_0 Message-ID: <20191001161921.CF93DF7BE@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2504-1 Rating: moderate References: #1131291 #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2504=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2504=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2504=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.11.1 openssl-1_0_0-debuginfo-1.0.2p-3.11.1 openssl-1_0_0-debugsource-1.0.2p-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.11.1 libopenssl1_0_0-1.0.2p-3.11.1 libopenssl1_0_0-debuginfo-1.0.2p-3.11.1 libopenssl1_0_0-hmac-1.0.2p-3.11.1 openssl-1_0_0-1.0.2p-3.11.1 openssl-1_0_0-debuginfo-1.0.2p-3.11.1 openssl-1_0_0-debugsource-1.0.2p-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.11.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.11.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.11.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.11.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.11.1 libopenssl1_0_0-1.0.2p-3.11.1 libopenssl1_0_0-32bit-1.0.2p-3.11.1 libopenssl1_0_0-debuginfo-1.0.2p-3.11.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.11.1 openssl-1_0_0-1.0.2p-3.11.1 openssl-1_0_0-debuginfo-1.0.2p-3.11.1 openssl-1_0_0-debugsource-1.0.2p-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1131291 https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-security-updates at lists.suse.com Tue Oct 1 10:20:25 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 1 Oct 2019 18:20:25 +0200 (CEST) Subject: SUSE-SU-2019:2502-1: important: Security update for bind Message-ID: <20191001162025.942DCF7BE@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2502-1 Rating: important References: #1104129 #1118367 #1118368 #1126068 #1126069 #1128220 #1133185 #1138687 Cross-References: CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 CVE-2019-6471 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129). Non-security issues fixed: - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368). - Fix FIPS related regression (bsc#1128220). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2502=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2502=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2502=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-3.10.1 bind-debugsource-9.11.2-3.10.1 bind-devel-9.11.2-3.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): bind-9.11.2-3.10.1 bind-chrootenv-9.11.2-3.10.1 bind-debuginfo-9.11.2-3.10.1 bind-debugsource-9.11.2-3.10.1 bind-utils-9.11.2-3.10.1 bind-utils-debuginfo-9.11.2-3.10.1 libbind9-160-9.11.2-3.10.1 libbind9-160-debuginfo-9.11.2-3.10.1 libdns169-9.11.2-3.10.1 libdns169-debuginfo-9.11.2-3.10.1 libirs160-9.11.2-3.10.1 libirs160-debuginfo-9.11.2-3.10.1 libisc166-9.11.2-3.10.1 libisc166-debuginfo-9.11.2-3.10.1 libisccc160-9.11.2-3.10.1 libisccc160-debuginfo-9.11.2-3.10.1 libisccfg160-9.11.2-3.10.1 libisccfg160-debuginfo-9.11.2-3.10.1 liblwres160-9.11.2-3.10.1 liblwres160-debuginfo-9.11.2-3.10.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libisc166-32bit-9.11.2-3.10.1 libisc166-debuginfo-32bit-9.11.2-3.10.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): bind-doc-9.11.2-3.10.1 python-bind-9.11.2-3.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): bind-debuginfo-9.11.2-3.10.1 bind-debugsource-9.11.2-3.10.1 bind-utils-9.11.2-3.10.1 bind-utils-debuginfo-9.11.2-3.10.1 libbind9-160-9.11.2-3.10.1 libbind9-160-debuginfo-9.11.2-3.10.1 libdns169-9.11.2-3.10.1 libdns169-debuginfo-9.11.2-3.10.1 libirs160-9.11.2-3.10.1 libirs160-debuginfo-9.11.2-3.10.1 libisc166-32bit-9.11.2-3.10.1 libisc166-9.11.2-3.10.1 libisc166-debuginfo-32bit-9.11.2-3.10.1 libisc166-debuginfo-9.11.2-3.10.1 libisccc160-9.11.2-3.10.1 libisccc160-debuginfo-9.11.2-3.10.1 libisccfg160-9.11.2-3.10.1 libisccfg160-debuginfo-9.11.2-3.10.1 liblwres160-9.11.2-3.10.1 liblwres160-debuginfo-9.11.2-3.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-bind-9.11.2-3.10.1 References: https://www.suse.com/security/cve/CVE-2018-5740.html https://www.suse.com/security/cve/CVE-2018-5743.html https://www.suse.com/security/cve/CVE-2018-5745.html https://www.suse.com/security/cve/CVE-2019-6465.html https://www.suse.com/security/cve/CVE-2019-6471.html https://bugzilla.suse.com/1104129 https://bugzilla.suse.com/1118367 https://bugzilla.suse.com/1118368 https://bugzilla.suse.com/1126068 https://bugzilla.suse.com/1126069 https://bugzilla.suse.com/1128220 https://bugzilla.suse.com/1133185 https://bugzilla.suse.com/1138687 From sle-security-updates at lists.suse.com Tue Oct 1 13:11:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 1 Oct 2019 21:11:48 +0200 (CEST) Subject: SUSE-SU-2019:2510-1: moderate: Security update for libgcrypt Message-ID: <20191001191148.89E24F7BE@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2510-1 Rating: moderate References: #1148987 Cross-References: CVE-2019-13627 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2510=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2510=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2510=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2510=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2510=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2510=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2510=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2510=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2510=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2510=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2510=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2510=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2510=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2510=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2510=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2510=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2510=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2510=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2510=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2510=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE OpenStack Cloud 8 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt-devel-1.6.1-16.68.1 libgcrypt-devel-debuginfo-1.6.1-16.68.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt-devel-1.6.1-16.68.1 libgcrypt-devel-debuginfo-1.6.1-16.68.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 - SUSE Enterprise Storage 5 (x86_64): libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE Enterprise Storage 4 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 - SUSE CaaS Platform 3.0 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 - HPE Helion Openstack 8 (x86_64): libgcrypt-debugsource-1.6.1-16.68.1 libgcrypt20-1.6.1-16.68.1 libgcrypt20-32bit-1.6.1-16.68.1 libgcrypt20-debuginfo-1.6.1-16.68.1 libgcrypt20-debuginfo-32bit-1.6.1-16.68.1 libgcrypt20-hmac-1.6.1-16.68.1 libgcrypt20-hmac-32bit-1.6.1-16.68.1 References: https://www.suse.com/security/cve/CVE-2019-13627.html https://bugzilla.suse.com/1148987 From sle-security-updates at lists.suse.com Wed Oct 2 07:11:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 15:11:05 +0200 (CEST) Subject: SUSE-SU-2019:2513-1: moderate: Security update for jasper Message-ID: <20191002131105.D46B6F7BE@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2513-1 Rating: moderate References: #1010783 #1117505 #1117507 #1117508 #1117511 Cross-References: CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2513=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2513=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2513=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.15.1 jasper-debugsource-1.900.14-195.15.1 libjasper-devel-1.900.14-195.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.15.1 jasper-debugsource-1.900.14-195.15.1 libjasper1-1.900.14-195.15.1 libjasper1-debuginfo-1.900.14-195.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libjasper1-32bit-1.900.14-195.15.1 libjasper1-debuginfo-32bit-1.900.14-195.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): jasper-debuginfo-1.900.14-195.15.1 jasper-debugsource-1.900.14-195.15.1 libjasper1-1.900.14-195.15.1 libjasper1-32bit-1.900.14-195.15.1 libjasper1-debuginfo-1.900.14-195.15.1 libjasper1-debuginfo-32bit-1.900.14-195.15.1 References: https://www.suse.com/security/cve/CVE-2016-9396.html https://www.suse.com/security/cve/CVE-2018-19539.html https://www.suse.com/security/cve/CVE-2018-19540.html https://www.suse.com/security/cve/CVE-2018-19541.html https://www.suse.com/security/cve/CVE-2018-19542.html https://bugzilla.suse.com/1010783 https://bugzilla.suse.com/1117505 https://bugzilla.suse.com/1117507 https://bugzilla.suse.com/1117508 https://bugzilla.suse.com/1117511 From sle-security-updates at lists.suse.com Wed Oct 2 10:11:46 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 18:11:46 +0200 (CEST) Subject: SUSE-SU-2019:2517-1: moderate: Security update for libseccomp Message-ID: <20191002161146.5952DFCD3@maintenance.suse.de> SUSE Security Update: Security update for libseccomp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2517-1 Rating: moderate References: #1082318 #1128828 #1142614 Cross-References: CVE-2019-9893 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2517=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2517=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2517=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2517=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.4.1-3.3.1 libseccomp-tools-2.4.1-3.3.1 libseccomp-tools-debuginfo-2.4.1-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.4.1-3.3.1 libseccomp-tools-2.4.1-3.3.1 libseccomp-tools-debuginfo-2.4.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.4.1-3.3.1 libseccomp-devel-2.4.1-3.3.1 libseccomp2-2.4.1-3.3.1 libseccomp2-debuginfo-2.4.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libseccomp2-32bit-2.4.1-3.3.1 libseccomp2-32bit-debuginfo-2.4.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.4.1-3.3.1 libseccomp-devel-2.4.1-3.3.1 libseccomp2-2.4.1-3.3.1 libseccomp2-debuginfo-2.4.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libseccomp2-32bit-2.4.1-3.3.1 libseccomp2-32bit-debuginfo-2.4.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-9893.html https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1128828 https://bugzilla.suse.com/1142614 From sle-security-updates at lists.suse.com Wed Oct 2 10:19:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 18:19:38 +0200 (CEST) Subject: SUSE-SU-2019:2521-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20191002161938.CFDC2F7BE@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2521-1 Rating: moderate References: #1093381 #1096426 #1135957 #1137229 #1138454 #1140644 #1141661 #1142309 #1142764 #1142774 #1143016 #1143562 #1144500 #1144510 #1144515 #1144889 #1145086 #1145119 #1146416 #1146419 #1146869 #1146895 #1147126 #1149409 Cross-References: CVE-2019-10088 CVE-2019-10093 CVE-2019-10094 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 21 fixes is now available. Description: This update fixes the following issues: cobbler: - Jinja2 template library fix (bsc#1141661) pgjdbc-ng: - Allow dots in database name (bsc#1146416) py26-compat-salt: - Get tornado dependency from the system on SLE12 (bsc#1149409) - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 (bsc#1147126) spacecmd: - Check that a channel doesn't have clones before deleting it (bsc#1138454) spacewalk-backend: - Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419) - Do not make 'rhn-satellite-exporter' to crash with "AttributeError" (bsc#1146869) - Spacewalk-remove-channel check that channel doesn't have cloned channels before deleting it (bsc#1138454) - Prevent duplicate changelog entries due VARCHAR(3000) db text column (bsc#1144889) - Avoid traceback on mgr-inter-sync when exception message contains UTF8 characters or there are problems with the package cache (bsc#1143016) registered guest (bsc#1093381) spacewalk-branding: - Add missing strings for task status page spacewalk-client-tools: - Invalidate cache 5 minutes before actual expiration(bsc#1143562) spacewalk-java: - Add UI message when salt-formulas system folders are unreachable (bsc#1142309) - Don't convert localhost repositories URL in mirror case (bsc#1135957) - Check that a channel doesn't have clones before deleting it (bsc#1138454) - Improve websocket authentication to prevent errors in logs (bsc#1138454) - Normalize date formats for actions, notifications and clm (bsc#1142774) - Cloning Errata from a specific channel should not take packages from other channels (bsc#1142764) - Add susemanager as prerequired for spacewalk-java - Improve performance for retrieving the user permissions on channels (bsc#1140644) - Prerequire salt package to avoid not existing user issues - Support partly patched CVEs in CVE audit (bsc#1137229) spacewalk-setup: - Configure 150 Tomcat workers by default, matching httpds MaxClients spacewalk-utils: - Common-channels: Fix repo type assignment for type YUM - Adds support for Ubuntu and Debian channels to spacewalk-common-channels. spacewalk-web: - Fix the 'include recommended' button on channels selection in SSM (bsc#1145086) - Normalize date formats for actions, notifications and clm (bsc#1142774) - Add unsupported browser warning when using Internet Explorer susemanager: - Dmidecode does not exist on s390x (bsc#1145119) susemanager-docs_en: - Add link to the creation of the bootstrap script (bsc#1146895). - Improve adoc tagging. - LimitNOFILE back-port. - Fix command-line error (bsc#1096426). susemanager-schema: - Improve performance for retrieving the user permissions on channels (bsc#1140644) susemanager-sls: - Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message. (bsc#1147126) - Dmidecode does not exist on ppc64le and s390x (bsc#1145119) - Update susemanager.conf to use adler32 for computing the server_id for new minions tika-core: New upstream version 1.2.2. Fixes security issues: - CVE-2019-10088: Fixed an OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper (bsc#1144500). - CVE-2019-10093: Fixed a Denial of Service in Apache Tika's 2003ml and 2006ml Parsers (bsc#1144510). - CVE-2019-10094: Fixed a stack overflow from crafted compressed files in Apache Tika's RecursiveParserWrapper (bsc#1144515). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-2521=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): spacewalk-branding-2.8.5.16-3.22.1 susemanager-3.2.20-3.31.2 susemanager-tools-3.2.20-3.31.2 - SUSE Manager Server 3.2 (noarch): cobbler-2.6.6-6.22.1 pgjdbc-ng-0.7.1-2.6.1 py26-compat-salt-2016.11.10-6.32.1 python2-spacewalk-client-tools-2.8.22.5-3.6.1 spacecmd-2.8.25.11-3.23.1 spacewalk-backend-2.8.57.19-3.39.2 spacewalk-backend-app-2.8.57.19-3.39.2 spacewalk-backend-applet-2.8.57.19-3.39.2 spacewalk-backend-config-files-2.8.57.19-3.39.2 spacewalk-backend-config-files-common-2.8.57.19-3.39.2 spacewalk-backend-config-files-tool-2.8.57.19-3.39.2 spacewalk-backend-iss-2.8.57.19-3.39.2 spacewalk-backend-iss-export-2.8.57.19-3.39.2 spacewalk-backend-libs-2.8.57.19-3.39.2 spacewalk-backend-package-push-server-2.8.57.19-3.39.2 spacewalk-backend-server-2.8.57.19-3.39.2 spacewalk-backend-sql-2.8.57.19-3.39.2 spacewalk-backend-sql-oracle-2.8.57.19-3.39.2 spacewalk-backend-sql-postgresql-2.8.57.19-3.39.2 spacewalk-backend-tools-2.8.57.19-3.39.2 spacewalk-backend-xml-export-libs-2.8.57.19-3.39.2 spacewalk-backend-xmlrpc-2.8.57.19-3.39.2 spacewalk-base-2.8.7.19-3.36.1 spacewalk-base-minimal-2.8.7.19-3.36.1 spacewalk-base-minimal-config-2.8.7.19-3.36.1 spacewalk-client-tools-2.8.22.5-3.6.1 spacewalk-html-2.8.7.19-3.36.1 spacewalk-java-2.8.78.24-3.38.1 spacewalk-java-config-2.8.78.24-3.38.1 spacewalk-java-lib-2.8.78.24-3.38.1 spacewalk-java-oracle-2.8.78.24-3.38.1 spacewalk-java-postgresql-2.8.78.24-3.38.1 spacewalk-setup-2.8.7.8-3.19.1 spacewalk-taskomatic-2.8.78.24-3.38.1 spacewalk-utils-2.8.18.5-3.9.1 susemanager-advanced-topics_en-pdf-3.2-11.32.1 susemanager-best-practices_en-pdf-3.2-11.32.1 susemanager-docs_en-3.2-11.32.1 susemanager-getting-started_en-pdf-3.2-11.32.1 susemanager-jsp_en-3.2-11.32.1 susemanager-reference_en-pdf-3.2-11.32.1 susemanager-schema-3.2.21-3.31.1 susemanager-sls-3.2.27-3.35.1 susemanager-web-libs-2.8.7.19-3.36.1 tika-core-1.22-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-10088.html https://www.suse.com/security/cve/CVE-2019-10093.html https://www.suse.com/security/cve/CVE-2019-10094.html https://bugzilla.suse.com/1093381 https://bugzilla.suse.com/1096426 https://bugzilla.suse.com/1135957 https://bugzilla.suse.com/1137229 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1140644 https://bugzilla.suse.com/1141661 https://bugzilla.suse.com/1142309 https://bugzilla.suse.com/1142764 https://bugzilla.suse.com/1142774 https://bugzilla.suse.com/1143016 https://bugzilla.suse.com/1143562 https://bugzilla.suse.com/1144500 https://bugzilla.suse.com/1144510 https://bugzilla.suse.com/1144515 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1145086 https://bugzilla.suse.com/1145119 https://bugzilla.suse.com/1146416 https://bugzilla.suse.com/1146419 https://bugzilla.suse.com/1146869 https://bugzilla.suse.com/1146895 https://bugzilla.suse.com/1147126 https://bugzilla.suse.com/1149409 From sle-security-updates at lists.suse.com Wed Oct 2 10:23:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 18:23:08 +0200 (CEST) Subject: SUSE-SU-2019:2514-1: important: Security update for dovecot23 Message-ID: <20191002162308.38364F7BE@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2514-1 Rating: important References: #1133624 #1133625 #1145559 Cross-References: CVE-2019-11494 CVE-2019-11499 CVE-2019-11500 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2514=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.3-8.1 dovecot23-backend-mysql-2.3.3-8.1 dovecot23-backend-mysql-debuginfo-2.3.3-8.1 dovecot23-backend-pgsql-2.3.3-8.1 dovecot23-backend-pgsql-debuginfo-2.3.3-8.1 dovecot23-backend-sqlite-2.3.3-8.1 dovecot23-backend-sqlite-debuginfo-2.3.3-8.1 dovecot23-debuginfo-2.3.3-8.1 dovecot23-debugsource-2.3.3-8.1 dovecot23-devel-2.3.3-8.1 dovecot23-fts-2.3.3-8.1 dovecot23-fts-debuginfo-2.3.3-8.1 dovecot23-fts-lucene-2.3.3-8.1 dovecot23-fts-lucene-debuginfo-2.3.3-8.1 dovecot23-fts-solr-2.3.3-8.1 dovecot23-fts-solr-debuginfo-2.3.3-8.1 dovecot23-fts-squat-2.3.3-8.1 dovecot23-fts-squat-debuginfo-2.3.3-8.1 References: https://www.suse.com/security/cve/CVE-2019-11494.html https://www.suse.com/security/cve/CVE-2019-11499.html https://www.suse.com/security/cve/CVE-2019-11500.html https://bugzilla.suse.com/1133624 https://bugzilla.suse.com/1133625 https://bugzilla.suse.com/1145559 From sle-security-updates at lists.suse.com Wed Oct 2 10:26:30 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 18:26:30 +0200 (CEST) Subject: SUSE-SU-2019:2512-1: moderate: Security update for jasper Message-ID: <20191002162630.2DDA0F7BE@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2512-1 Rating: moderate References: #1117507 #1117508 Cross-References: CVE-2018-19540 CVE-2018-19541 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2512=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2512=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2512=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2512=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2512=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2512=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.8.1 jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libjasper4-32bit-2.0.14-3.8.1 libjasper4-32bit-debuginfo-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.8.1 jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 libjasper-devel-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 libjasper-devel-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 libjasper4-2.0.14-3.8.1 libjasper4-debuginfo-2.0.14-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.8.1 jasper-debugsource-2.0.14-3.8.1 libjasper4-2.0.14-3.8.1 libjasper4-debuginfo-2.0.14-3.8.1 References: https://www.suse.com/security/cve/CVE-2018-19540.html https://www.suse.com/security/cve/CVE-2018-19541.html https://bugzilla.suse.com/1117507 https://bugzilla.suse.com/1117508 From sle-security-updates at lists.suse.com Wed Oct 2 10:27:28 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 2 Oct 2019 18:27:28 +0200 (CEST) Subject: SUSE-SU-2019:2515-1: important: Security update for MozillaThunderbird Message-ID: <20191002162728.D32BAF7BE@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2515-1 Rating: important References: #1140868 #1141322 #1149296 #1149297 #1149298 #1149299 #1149303 #1149304 #1150939 #1152375 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11755 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: This update for MozillaThunderbird to version 68.1.1 fixes the following issues: - CVE-2019-11709: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11711: Fixed a script injection within domain through inner window reuse. (bsc#1140868) - CVE-2019-11712: Fixed an insufficient validation of cross-origin POST requests within NPAPI plugins. (bsc#1140868) - CVE-2019-11713: Fixed a use-after-free with HTTP/2 cached stream. (bsc#1140868) - CVE-2019-11714: Fixed a crash in NeckoChild. (bsc#1140868) - CVE-2019-11715: Fixed an HTML parsing error that can contribute to content XSS. (bsc#1140868) - CVE-2019-11716: Fixed an enumeration issue in globalThis. (bsc#1140868) - CVE-2019-11717: Fixed an improper escaping of the caret character in origins. (bsc#1140868) - CVE-2019-11719: Fixed an out-of-bounds read when importing curve25519 private key. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed domain spoofing through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed a permissions issue with the retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a SafeBrowsing bypass through WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed an insufficient validation for PKCS#1 v1.5 signatures being used with TLS 1.3. (bsc#1140868) - CVE-2019-11728: Fixed port scanning through Alt-Svc header. (bsc#1140868) - CVE-2019-11729: Fixed a segmentation fault due to empty or malformed p256-ECDH public keys. (bsc#1140868) - CVE-2019-11730: Fixed an insufficient enforcement of the same-origin policy that treats all files in a directory as having the same-origin. (bsc#1140868) - CVE-2019-11739: Fixed a Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. (bsc#1150939) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation with SVG filters and canvas that enabled theft of cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a cross-origin access issue. (bsc#1149298) - CVE-2019-11744: Fixed a XSS involving breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11755: Fixed an insufficient validation of S/MIME messages that allowed the author to be spoofed. (bsc#1152375) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2515=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2515=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-68.1.1-3.51.1 MozillaThunderbird-debuginfo-68.1.1-3.51.1 MozillaThunderbird-debugsource-68.1.1-3.51.1 MozillaThunderbird-translations-common-68.1.1-3.51.1 MozillaThunderbird-translations-other-68.1.1-3.51.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): MozillaThunderbird-68.1.1-3.51.1 MozillaThunderbird-debuginfo-68.1.1-3.51.1 MozillaThunderbird-debugsource-68.1.1-3.51.1 MozillaThunderbird-translations-common-68.1.1-3.51.1 MozillaThunderbird-translations-other-68.1.1-3.51.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11710.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11714.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11716.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11720.html https://www.suse.com/security/cve/CVE-2019-11721.html https://www.suse.com/security/cve/CVE-2019-11723.html https://www.suse.com/security/cve/CVE-2019-11724.html https://www.suse.com/security/cve/CVE-2019-11725.html https://www.suse.com/security/cve/CVE-2019-11727.html https://www.suse.com/security/cve/CVE-2019-11728.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-11739.html https://www.suse.com/security/cve/CVE-2019-11740.html https://www.suse.com/security/cve/CVE-2019-11742.html https://www.suse.com/security/cve/CVE-2019-11743.html https://www.suse.com/security/cve/CVE-2019-11744.html https://www.suse.com/security/cve/CVE-2019-11746.html https://www.suse.com/security/cve/CVE-2019-11752.html https://www.suse.com/security/cve/CVE-2019-11755.html https://bugzilla.suse.com/1140868 https://bugzilla.suse.com/1141322 https://bugzilla.suse.com/1149296 https://bugzilla.suse.com/1149297 https://bugzilla.suse.com/1149298 https://bugzilla.suse.com/1149299 https://bugzilla.suse.com/1149303 https://bugzilla.suse.com/1149304 https://bugzilla.suse.com/1150939 https://bugzilla.suse.com/1152375 From sle-security-updates at lists.suse.com Thu Oct 3 07:12:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 3 Oct 2019 15:12:08 +0200 (CEST) Subject: SUSE-SU-2018:4088-3: important: Security update for git Message-ID: <20191003131208.DE5C1F7BE@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:4088-3 Rating: important References: #1110949 Cross-References: CVE-2018-17456 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1073=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1073=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): git-2.12.3-27.17.2 git-arch-2.12.3-27.17.2 git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-cvs-2.12.3-27.17.2 git-daemon-2.12.3-27.17.2 git-daemon-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 git-email-2.12.3-27.17.2 git-gui-2.12.3-27.17.2 git-svn-2.12.3-27.17.2 git-svn-debuginfo-2.12.3-27.17.2 git-web-2.12.3-27.17.2 gitk-2.12.3-27.17.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): git-doc-2.12.3-27.17.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.12.3-27.17.2 git-core-debuginfo-2.12.3-27.17.2 git-debugsource-2.12.3-27.17.2 References: https://www.suse.com/security/cve/CVE-2018-17456.html https://bugzilla.suse.com/1110949 From sle-security-updates at lists.suse.com Thu Oct 3 10:19:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 3 Oct 2019 18:19:14 +0200 (CEST) Subject: SUSE-SU-2019:2536-1: moderate: Security update for sqlite3 Message-ID: <20191003161914.F3F1FF7BE@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2536-1 Rating: moderate References: #1150137 Cross-References: CVE-2019-16168 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2536=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2536=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2536=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.8.10.2-9.12.1 sqlite3-debugsource-3.8.10.2-9.12.1 sqlite3-devel-3.8.10.2-9.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.8.10.2-9.12.1 libsqlite3-0-debuginfo-3.8.10.2-9.12.1 sqlite3-3.8.10.2-9.12.1 sqlite3-debuginfo-3.8.10.2-9.12.1 sqlite3-debugsource-3.8.10.2-9.12.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsqlite3-0-32bit-3.8.10.2-9.12.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsqlite3-0-3.8.10.2-9.12.1 libsqlite3-0-32bit-3.8.10.2-9.12.1 libsqlite3-0-debuginfo-3.8.10.2-9.12.1 libsqlite3-0-debuginfo-32bit-3.8.10.2-9.12.1 sqlite3-3.8.10.2-9.12.1 sqlite3-debuginfo-3.8.10.2-9.12.1 sqlite3-debugsource-3.8.10.2-9.12.1 - SUSE CaaS Platform 3.0 (x86_64): libsqlite3-0-3.8.10.2-9.12.1 libsqlite3-0-debuginfo-3.8.10.2-9.12.1 sqlite3-debuginfo-3.8.10.2-9.12.1 sqlite3-debugsource-3.8.10.2-9.12.1 References: https://www.suse.com/security/cve/CVE-2019-16168.html https://bugzilla.suse.com/1150137 From sle-security-updates at lists.suse.com Thu Oct 3 10:15:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 3 Oct 2019 18:15:49 +0200 (CEST) Subject: SUSE-SU-2019:2533-1: moderate: Security update for sqlite3 Message-ID: <20191003161549.30188F7BE@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2533-1 Rating: moderate References: #1150137 Cross-References: CVE-2019-16168 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2533=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2533=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2533=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2533=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): sqlite3-doc-3.28.0-3.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): sqlite3-doc-3.28.0-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.28.0-3.9.2 libsqlite3-0-debuginfo-3.28.0-3.9.2 sqlite3-3.28.0-3.9.2 sqlite3-debuginfo-3.28.0-3.9.2 sqlite3-debugsource-3.28.0-3.9.2 sqlite3-devel-3.28.0-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsqlite3-0-32bit-3.28.0-3.9.2 libsqlite3-0-32bit-debuginfo-3.28.0-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.28.0-3.9.2 libsqlite3-0-debuginfo-3.28.0-3.9.2 sqlite3-3.28.0-3.9.2 sqlite3-debuginfo-3.28.0-3.9.2 sqlite3-debugsource-3.28.0-3.9.2 sqlite3-devel-3.28.0-3.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libsqlite3-0-32bit-3.28.0-3.9.2 libsqlite3-0-32bit-debuginfo-3.28.0-3.9.2 References: https://www.suse.com/security/cve/CVE-2019-16168.html https://bugzilla.suse.com/1150137 From sle-security-updates at lists.suse.com Thu Oct 3 13:11:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 3 Oct 2019 21:11:05 +0200 (CEST) Subject: SUSE-SU-2019:2545-1: important: Security update for MozillaFirefox Message-ID: <20191003191105.B228AF7BE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2545-1 Rating: important References: #1109465 #1117473 #1123482 #1124525 #1133810 #1138688 #1140868 #1141322 #1145665 #1149292 #1149293 #1149294 #1149295 #1149296 #1149297 #1149298 #1149299 #1149302 #1149303 #1149304 #1149323 Cross-References: CVE-2019-11710 CVE-2019-11714 CVE-2019-11716 CVE-2019-11718 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: This update for MozillaFirefox to 68.1 fixes the following issues: Security issues fixed: - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed a vulnerability where it possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. (bsc#1141322) - CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868) - CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665) - CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293) - CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292) - CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) Non-security issues fixed: - Latest update now also released for s390x. (bsc#1109465) - Fixed a segmentation fault on s390vsl082. (bsc#1117473) - Fixed a crash on SLES15 s390x. (bsc#1124525) - Fixed a segmentation fault. (bsc#1133810) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2545=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2545=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2545=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2545=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-68.1.0-3.54.2 MozillaFirefox-debuginfo-68.1.0-3.54.2 MozillaFirefox-debugsource-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): MozillaFirefox-devel-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-68.1.0-3.54.2 MozillaFirefox-debuginfo-68.1.0-3.54.2 MozillaFirefox-debugsource-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.1.0-3.54.2 MozillaFirefox-branding-SLE-68-4.8.5 MozillaFirefox-debuginfo-68.1.0-3.54.2 MozillaFirefox-debugsource-68.1.0-3.54.2 MozillaFirefox-translations-common-68.1.0-3.54.2 MozillaFirefox-translations-other-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-68.1.0-3.54.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.1.0-3.54.2 MozillaFirefox-branding-SLE-68-4.8.5 MozillaFirefox-debuginfo-68.1.0-3.54.2 MozillaFirefox-debugsource-68.1.0-3.54.2 MozillaFirefox-devel-68.1.0-3.54.2 MozillaFirefox-translations-common-68.1.0-3.54.2 MozillaFirefox-translations-other-68.1.0-3.54.2 References: https://www.suse.com/security/cve/CVE-2019-11710.html https://www.suse.com/security/cve/CVE-2019-11714.html https://www.suse.com/security/cve/CVE-2019-11716.html https://www.suse.com/security/cve/CVE-2019-11718.html https://www.suse.com/security/cve/CVE-2019-11720.html https://www.suse.com/security/cve/CVE-2019-11721.html https://www.suse.com/security/cve/CVE-2019-11723.html https://www.suse.com/security/cve/CVE-2019-11724.html https://www.suse.com/security/cve/CVE-2019-11725.html https://www.suse.com/security/cve/CVE-2019-11727.html https://www.suse.com/security/cve/CVE-2019-11728.html https://www.suse.com/security/cve/CVE-2019-11733.html https://www.suse.com/security/cve/CVE-2019-11735.html https://www.suse.com/security/cve/CVE-2019-11736.html https://www.suse.com/security/cve/CVE-2019-11738.html https://www.suse.com/security/cve/CVE-2019-11740.html https://www.suse.com/security/cve/CVE-2019-11742.html https://www.suse.com/security/cve/CVE-2019-11743.html https://www.suse.com/security/cve/CVE-2019-11744.html https://www.suse.com/security/cve/CVE-2019-11746.html https://www.suse.com/security/cve/CVE-2019-11747.html https://www.suse.com/security/cve/CVE-2019-11748.html https://www.suse.com/security/cve/CVE-2019-11749.html https://www.suse.com/security/cve/CVE-2019-11750.html https://www.suse.com/security/cve/CVE-2019-11751.html https://www.suse.com/security/cve/CVE-2019-11752.html https://www.suse.com/security/cve/CVE-2019-11753.html https://www.suse.com/security/cve/CVE-2019-9811.html https://www.suse.com/security/cve/CVE-2019-9812.html https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1117473 https://bugzilla.suse.com/1123482 https://bugzilla.suse.com/1124525 https://bugzilla.suse.com/1133810 https://bugzilla.suse.com/1138688 https://bugzilla.suse.com/1140868 https://bugzilla.suse.com/1141322 https://bugzilla.suse.com/1145665 https://bugzilla.suse.com/1149292 https://bugzilla.suse.com/1149293 https://bugzilla.suse.com/1149294 https://bugzilla.suse.com/1149295 https://bugzilla.suse.com/1149296 https://bugzilla.suse.com/1149297 https://bugzilla.suse.com/1149298 https://bugzilla.suse.com/1149299 https://bugzilla.suse.com/1149302 https://bugzilla.suse.com/1149303 https://bugzilla.suse.com/1149304 https://bugzilla.suse.com/1149323 From sle-security-updates at lists.suse.com Fri Oct 4 07:11:53 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 15:11:53 +0200 (CEST) Subject: SUSE-SU-2019:14188-1: moderate: Security update for java-1_7_0-ibm Message-ID: <20191004131153.96084F7BE@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14188-1 Rating: moderate References: #1141782 #1141783 #1141789 #1147021 Cross-References: CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: Update to Java 7.0 Service Refresh 10 Fix Pack 50 (bsc#1147021). Security issues fixed: - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1147021). - CVE-2019-4473: Fixed insecure RPATH in multiple binaries on AIX (bsc#1147021). - CVE-2019-7317: Fixed use-after-free in libpng, affecting client-libs/java.awt (bsc#1147021). - CVE-2019-11771: Fixed insecure RPATH in OpenJ9 on AIX (bsc#1147021). - CVE-2019-11775: Fixed failure to privatize a value pulled out of the loop by versioning (bsc#1147021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-14188=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.50-65.42.1 java-1_7_0-ibm-alsa-1.7.0_sr10.50-65.42.1 java-1_7_0-ibm-devel-1.7.0_sr10.50-65.42.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.50-65.42.1 java-1_7_0-ibm-plugin-1.7.0_sr10.50-65.42.1 References: https://www.suse.com/security/cve/CVE-2019-11771.html https://www.suse.com/security/cve/CVE-2019-11775.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-4473.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141789 https://bugzilla.suse.com/1147021 From sle-security-updates at lists.suse.com Fri Oct 4 10:15:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 18:15:31 +0200 (CEST) Subject: SUSE-SU-2019:2550-1: important: Security update for bind Message-ID: <20191004161531.A08D2F7BE@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2550-1 Rating: important References: #1118367 #1118368 #1138687 Cross-References: CVE-2019-6471 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for bind fixes the following issues: Security issue fixed: - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2550=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2550=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2550=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2550=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2550=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2550=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): bind-9.11.2-12.13.2 bind-chrootenv-9.11.2-12.13.2 bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): bind-doc-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): bind-9.11.2-12.13.2 bind-chrootenv-9.11.2-12.13.2 bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): bind-doc-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 bind-lwresd-9.11.2-12.13.2 bind-lwresd-debuginfo-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bind-devel-32bit-9.11.2-12.13.2 libbind9-160-32bit-9.11.2-12.13.2 libbind9-160-32bit-debuginfo-9.11.2-12.13.2 libdns169-32bit-9.11.2-12.13.2 libdns169-32bit-debuginfo-9.11.2-12.13.2 libirs160-32bit-9.11.2-12.13.2 libirs160-32bit-debuginfo-9.11.2-12.13.2 libisc166-32bit-9.11.2-12.13.2 libisc166-32bit-debuginfo-9.11.2-12.13.2 libisccc160-32bit-9.11.2-12.13.2 libisccc160-32bit-debuginfo-9.11.2-12.13.2 libisccfg160-32bit-9.11.2-12.13.2 libisccfg160-32bit-debuginfo-9.11.2-12.13.2 liblwres160-32bit-9.11.2-12.13.2 liblwres160-32bit-debuginfo-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 bind-lwresd-9.11.2-12.13.2 bind-lwresd-debuginfo-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 bind-devel-9.11.2-12.13.2 bind-utils-9.11.2-12.13.2 bind-utils-debuginfo-9.11.2-12.13.2 libbind9-160-9.11.2-12.13.2 libbind9-160-debuginfo-9.11.2-12.13.2 libdns169-9.11.2-12.13.2 libdns169-debuginfo-9.11.2-12.13.2 libirs-devel-9.11.2-12.13.2 libirs160-9.11.2-12.13.2 libirs160-debuginfo-9.11.2-12.13.2 libisc166-9.11.2-12.13.2 libisc166-debuginfo-9.11.2-12.13.2 libisccc160-9.11.2-12.13.2 libisccc160-debuginfo-9.11.2-12.13.2 libisccfg160-9.11.2-12.13.2 libisccfg160-debuginfo-9.11.2-12.13.2 liblwres160-9.11.2-12.13.2 liblwres160-debuginfo-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-bind-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.2-12.13.2 bind-debugsource-9.11.2-12.13.2 bind-devel-9.11.2-12.13.2 bind-utils-9.11.2-12.13.2 bind-utils-debuginfo-9.11.2-12.13.2 libbind9-160-9.11.2-12.13.2 libbind9-160-debuginfo-9.11.2-12.13.2 libdns169-9.11.2-12.13.2 libdns169-debuginfo-9.11.2-12.13.2 libirs-devel-9.11.2-12.13.2 libirs160-9.11.2-12.13.2 libirs160-debuginfo-9.11.2-12.13.2 libisc166-9.11.2-12.13.2 libisc166-debuginfo-9.11.2-12.13.2 libisccc160-9.11.2-12.13.2 libisccc160-debuginfo-9.11.2-12.13.2 libisccfg160-9.11.2-12.13.2 libisccfg160-debuginfo-9.11.2-12.13.2 liblwres160-9.11.2-12.13.2 liblwres160-debuginfo-9.11.2-12.13.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-bind-9.11.2-12.13.2 References: https://www.suse.com/security/cve/CVE-2019-6471.html https://bugzilla.suse.com/1118367 https://bugzilla.suse.com/1118368 https://bugzilla.suse.com/1138687 From sle-security-updates at lists.suse.com Fri Oct 4 10:16:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 18:16:34 +0200 (CEST) Subject: SUSE-SU-2019:2562-1: moderate: Security update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff Message-ID: <20191004161634.8A801F7BE@maintenance.suse.de> SUSE Security Update: Security update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2562-1 Rating: moderate References: #1118900 #1119737 #1120657 #1140267 #1145967 #1147144 #1148158 #1150895 #1152032 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff contains the following fixes: - 0004-add_ipv6_support_to_synchronize_action_plugin.patch fixes: bsc#1145967 IPv6 addreses need to be wrapped when used in scp command in the form scp user@[ipv6address]:port SOC-10117 - Update to version 9.0+git.1568385829.54601ac: * Enable Cloud9 parallelised upgrade workflow (SOC-10484) - Update to version 9.0+git.1568379640.07c5144: * Enable DB upgrade in ardana-update.yml (SOC-10094) - Update to version 9.0+git.1567617871.4426809: * Ensure tls-upgrade.yml called by ardana-update.yml (SOC-9942) - Update to version 9.0+git.1566486136.e2f6b0f: * Add deprecations cleanup support (SOC-10275) - Update to version 9.0+git.1568150980.027f167: * Enable auth_openidc Apache2 module (SOC-10509) - Update to version 9.0+git.1568382922.6f2cea4: * Use galera-upgrade.yml for update/upgrade workflow (SOC-10521) - Update to version 9.0+git.1568830037.2eea267: * Add missing DHCP options for NSX-T (SOC-5838) - Update to version 9.0+git.1568307751.d68a198: * Add NSX-T QoS service definition (SOC-10479) - Update to version 9.0+git.1567606893.85b4d54: * Add NSX-T LBaaS service definition (SOC-9900) - Update to version 9.0+git.1567416354.e45fd54: * Add missing policies for NSX-T (SOC-5831) - Update to version 9.0+git.1567196895.2e056b5: * Add NSX-T VPNaaS service definition (SOC-9935) * Add NSX-T FWaaS service definition (SOC-9935) - Update to version 9.0+git.1567196861.0ca4cc9: * Add the NSX-T DNS service definition (SOC-9912) - Update to version 9.0+git.1567196262.39a7dd0: * Improvements over initial NSX-T support (SOC-5831) - Update to version 9.0+git.1566918834.1b7a49a: * Update policy json templates for vmware-nsx (SOC-10254) - Update to version 9.0+git.1567000146.4569d10: * Cloud 8to9 upgrade enhancements for glance (SOC-10043) - Update to version 9.0+git.1566409257.eec6360: * Add neutron-fwaas.json when neutron-l3-agent is deployed (SOC-10280) - Update to version 9.0+git.1569535129.ca87ef0: * Add support for running in Docker container (SOC-8524) (#350) - Update to version 9.0+git.1567797529.273abf2: * Use IPv6 validator on baremetal (SOC-10251) - Update to version 9.0+git.1568835830.10c9689: * Ensure Manila services don't auto start on reboot (SOC-10641) - Update to version 9.0+git.1567695427.5974ab2: * Stop existing mon-api services during upgrade (SOC-10470) - Update to version 9.0+git.1568817582.a4813e2: * Fix neutron-ovsvapp-agent status (SOC-10637) - Update to version 9.0+git.1567606982.697a2bf: * Let SDNs configure LB service provider (SOC-9900) - Update to version 9.0+git.1567606981.c612be8: * API extension paths separated by colon (SOC-10447) - Update to version 9.0+git.1567000278.309171b: * Neutron 8to9 upgrade workflow (SOC-10080) - Update to version 9.0+git.1566503987.df6961f: * Add policy.d/neutron-fwaas.json.j2 (SOC-10280) - Update to version 9.0+git.1567630824.aa6dc2d: * api_db sync needed before db_expand.yml (SOC-10023) - Update to version 9.0+git.1567125466.9b151d6: * Enable tls channel for vnc on compute VM (SOC-9942) - Update to version 9.0+git.1566826931.741980f: * Install libosinfo package (SOC-10295) - Update to version 9.0+git.1568362662.7fba216: * Make octavia heartbeat frequency options configurable (SOC-9285) - Update to version 9.0+git.1566374458.f58d2bb: * Include SES variables when configuring image (SOC-9285) - Update to version 9.0+git.1566593422.813e56c: * Update ip address validator (SOC-9679) - Update to version 9.0+git.1567630791.5ca70a6: * Revert Ansible 2.x compatibility change (SOC-10452) - Update to version 9.0+git.1567553292.5991a87: * Configured openvswitch logrotate user based on system settings (SOC-10282) - Update to version 9.0+git.1569439941.6800991: * Re-enable streaming of playbook logs (SOC-10720) - Update to version 9.0+git.1569257240.456c4fc: * Add condition to avoid case with no compute (SOC-10692) - Update to version 9.0+git.1568075665.a627f71: * Fix missing key error for c9 update (SOC-10476) - Update to version 9.0+git.1567640139.61bbe4e: * Add support for redhat compute (SOC-9942) - Update to version 9.0+git.1567530252.4b0dc66: * Generate vnc server cert on compute host (SOC-9942) - Update to version 6.0+git.1569587091.3f083d63c: * barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011) * Revert "batch: Use easy_merge for merging (SOC-10505)" * batch: Use easy_merge for merging (SOC-10505) - Update to version 6.0+git.1569357869.75e2690cc: * Update input group to be more specific (SOC-10644) - Update to version 6.0+git.1569231374.0fa522d5d: * Revert "batch: Use easy_merge for merging (SOC-10505)" - Update to version 6.0+git.1568968829.f21efcf5e: * batch: Use easy_merge for merging (SOC-10505) - Update to version 6.0+git.1568744770.09e7a1fe1: * upgrade: Fix pie chart colors on dashboard (SOC-10619) - Update to version 6.0+git.1568201547.4dfc6ffec: * gems: Update easy_diff to 1.0.0 (SOC-10505) - Update to version 6.0+git.1567846948.0f169d133: * upgrade: Reload nova services early (SOC-10273) * upgrade: Update release name (trivial) * upgrade: Upgrade compute services early (SOC-10273) - Update to version 6.0+git.1567731275.6019e8f62: * IPV6:Expose methods in chef NetworkHelper to crowbar_framework (SOC-6397) - Update to version 6.0+git.1567694723.1a9df112d: * Allow designate rndc for all nodes (SOC-10339) - Update to version 6.0+git.1567599465.9b1ea2814: * upgrade: dump Monasca, Grafana databases (SOC-9772) - Update to version 6.0+git.1567195728.44b7cf1d0: * Public ips for dns nodes when designate integration is in use (SOC-9635) - Update to version 6.0+git.1567161357.ba5de8885: * network: Check existing upper layers before bond setup (bsc#1120657) * network: never plug two interface into the same ovs bridge (bsc#1120657) * network: Avoid plugging the same interface to two ovs bridges (bsc#1120657) * nic library: some helper for identifying base interface (bsc#1120657) * network: Rework the vlan port replugging code (bsc#1120657) * network: DRY out "kill_nic_files" (noref) * network: override sysctl netfilter param(SOC-6229) - Update to version 6.0+git.1567094352.24e2a710d: * upgrade: Re-run upgrade on non-compute nodes (SOC-10072) - Update to version 6.0+git.1566808212.3e1e65b69: * allow user to ask for FQDN as public hostname (SOC-9616) - Update to version 6.0+git.1567673476.1342c3d: * Fix typo in error message - Update to version 6.0+git.1569805311.a94583476: * Designate: Add dns_domain_ports config (SOC-10740) - Update to version 6.0+git.1569429613.2b29fd9d6: * horizon: add back horizon service reload (SOC-10191) * helper:move config_for_role_exists from horizon to crowbar-openstack(SOC-10191) * tempest: don't rely on service catalogue (SOC-10633) - Update to version 6.0+git.1569343076.e8ca90fd9: * enable LDAP chase_referrals configuration (SOC-7364) - Update to version 6.0+git.1569255523.d14bb0d9d: * nova: Don't autoselect nodes for Xen (continued) (bsc#1147144) - Update to version 6.0+git.1569053948.d0e638900: * Add pci passthrough filter (SOC-10624) * glance: don't reuse sync mark names (SOC-10348) * nova: Don't autoselect nodes for Xen (bsc#1147144) * database: fix no-op migration 302 (SOC-10623) * Fix Cloud 8 no-op migrations (SOC-10623) - Update to version 6.0+git.1568986202.bae13ce05: * designate: Fix the keys syntax error on migrations (SOC-10660) - Update to version 6.0+git.1568968817.8df296f0c: * upgrade: restore Monasca/Grafana DB (SOC-9772) - Update to version 6.0+git.1568904766.a7e023933: * Revert "designate: Mark as user managed (SOC-10233)" * nova: set default attribute for max_threads_per_process * Add tempest filter for designate (SOC-10288) * Allow setting ElasticSearch path.repo from Crowbar (SOC-10440, bsc#1148158) - Update to version 6.0+git.1568735102.940794f57: * Use source load balancing for OpenID Connect (SOC-10551) - Update to version 6.0+git.1568676694.b4ebc087b: * designate: Mark as user managed (SOC-10233) * Octavia: Hide UI until complete (SOC-10550) - Update to version 6.0+git.1568650755.8399d83e9: * IPV6: Barclamp horizon make IPV6 compliant (SOC-6397) - Update to version 6.0+git.1568325876.a82d6c3c6: * designate: Correct missing variable (SOC-10549) - Update to version 6.0+git.1568242913.38fe0574a: * designate: cleanup producer HA deployment (SOC-9766) - Update to version 6.0+git.1568130776.de1686df9: * designate: No longer care about master/slave (SOC-10456) * tempest: remove manila test from blacklist (SOC-9298) * nova: raise neutron client timeout to 5 minutes * neutron: Small cleanup to neutron_lbaas.conf template * neutron-lbaas: remove loadbalancer/pool limit - Update to version 6.0+git.1568004341.35d132726: * Designate default Bind9 pool config (SOC-10339) - Update to version 6.0+git.1567626408.bd1a24326: * nova: Don't put nova-compute roles on monasca node (SOC-10373) - Update to version 6.0+git.1567522813.05041a6eb: * Fix OpenID migration (SOC-9616) - Update to version 6.0+git.1567383972.eeae4cf86: * designate: Update ns_records with all nameservers (SOC-9636) - Update to version 6.0+git.1567095011.0d080dce4: * support OpenID Connect WebSSO (SOC-9616) - Update to version 6.0+git.1566925661.1e127bf66: * designate: Deploy producer on a server node (SOC-9766) - Update to version 6.0+git.1566851961.bda2f922c: * database: Hardcode ruby version for package installation (SOC-10010) - Update to version 6.0+git.1566629500.bbc0dd82f: * rabbitmq: Turn off hipe compile * designate: initialize email in default designate proposal - Update to version 6.0+git.1566553393.e01147258: * memcache: lookup memcached servers port only on local node (SOC-10173) - Update to version 1.3.0+git.1568396400.0344a727: * upgrade: Add missing precheck titles - spec file change: * alter permissions of /etc/grafana and /var/lib/grafana to 755 * alter owner of /etc/grafana/provisioning/dashboards tree to root:root * this allows installing dashboards via rpms without these rpms depending on this rpm - Update to version 6.2.5: * release 6.2.5 * Panel: Fully escape html in drilldown links (was only sanitized before) (#17731) * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695) * config: fix connstr for remote_cache (#17675) * TablePanel: fix annotations display (#17646) * middleware: fix Strict-Transport-Security header (#17644) * Elasticsearch: Fix empty query request to send properly (#17488) * release 6.2.4 * grafana-cli: Fix receiving flags via command line (#17617) * HTTPServer: Fix X-XSS-Protection header formatting (#17620) * release 6.2.3 * cli: grafana-cli should receive flags from the command line (#17606) * AuthProxy: Optimistic lock pattern for remote cache Set (#17485) * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541) * middleware: add security related HTTP(S) response headers (#17522) * remote_cache: Fix redis (#17483) * auth_proxy: non-negative cache TTL (#17495) - Update to version 6.2.2: * Security Fix: Prevent csv formula injection attack * PluginConfig: Fixed plugin config page navigation when using subpath * Explore: Update time range before running queries * Perf: Fix slow dashboards ACL query * Database: Initialize xorm with an empty schema for postgres * CloudWatch: Avoid exception while accessing results - Remove phantomjs dependency * Modified: Makefile - Update to version 6.2.1 * Bug Fixes + Auth Proxy: Resolve database is locked errors. + Database: Retry transaction if sqlite returns database is locked error. + Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value. + Singlestat: Fixes issue with value placement and line wraps. + Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browers as well as Chrome 53.x. * Features / Enhancements + CLI: Add command to migrate all datasources to use encrypted password fields. + Gauge/BarGauge: Improvements to auto value font size. * Modified: README - Update to version 6.2.0 * Bug Fixes + BarGauge: Fix for negative min values. + Gauge/BarGauge: Fix for issues editing min & max options. + Search: Make only folder name only open search with current folder filter. + AzureMonitor: Revert to clearing chained dropdowns. + Dashboard: Fixes blank dashboard after window resize with panel without title. + Dashboard: Fixes lazy loading & expanding collapsed rows on mobile. + Dashboard: Fixes scrolling issues for Edge browser. + Dashboard: Show refresh button in first kiosk(tv) mode. + Explore: Fix empty result from datasource should render logs container. + Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value. + Explore: Makes it possible to zoom in Explore/Loki/Graph without exception. + Gauge: Fixes orientation issue after switching from BarGauge to Gauge. + GettingStarted: Fixes layout issues in getting started panel. + InfluxDB: Fix HTTP method should default to GET. + Panels: Fixed alert icon position in panel header. + Panels: Fixes panel error tooltip not showing. + Plugins: Fix how datemath utils are exposed to plugins. + Singlestat: fixed centering issue for very small panels. + Search: Scroll issue in dashboard search in latest Chrome. + Docker: Prevent a permission denied error when writing files to the default provisioning directory. + Gauge: Adds background shade to gauge track and improves height usage. + RemoteCache: Avoid race condition in Set causing error on insert. . + Build: Fix bug where grafana didn't start after mysql on rpm packages. + CloudWatch: Fixes query order not affecting series ordering & color. + CloudWatch: Use default alias if there is no alias for metrics. + Config: Fixes bug where timeouts for alerting was not parsed correctly. + Elasticsearch: Fix view percentiles metric in table without date histogram. + Explore: Prevents histogram loading from killing Prometheus instance. + Graph: Allow override decimals to fully override. + Mixed Datasource: Fix error when one query is disabled. + Search: Fixes search limits and adds a page parameter. + Security: Responses from backend should not be cached. * Breaking Changes + Plugins: Data source plugins that process hidden queries need to add a "hiddenQueries: true" attribute in plugin.json. + Gauge Panel: The suffix / prefix options have been removed from the new Gauge Panel (introduced in v6.0). #16870. * Features / Enhancements + Plugins: Support templated urls in plugin routes. + Packaging: New MSI windows installer package**. + Admin: Add more stats about roles. + Alert list panel: Support variables in filters. + Alerting: Adjust label for send on all alerts to default . + Alerting: Makes timeouts and retries configurable. + Alerting: No notification when going from no data to pending. + Alerting: Pushover alert, support for different sound for OK. + Auth: Enable retries and transaction for some db calls for auth tokens . + AzureMonitor: Adds support for multiple subscriptions per datasource. + Bar Gauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes. + Build: Upgrades to golang 1.12.4. + CloudWatch: Update AWS/IoT metric and dimensions. + Config: Show user-friendly error message instead of stack trace. + Dashboard: Enable filtering dashboards in search by current folder. + Dashboard: Lazy load out of view panels . + DataProxy: Restore Set-Cookie header after proxy request. + Datasources: Add pattern validation for time input on datasource config pages. + Elasticsearch: Add 7.x version support. + Explore: Adds reconnect for failing datasource. + Explore: Support user timezone. + InfluxDB: Add support for POST HTTP verb. + Loki: Search is now case insensitive. + OAuth: Update jwt regexp to include =. + Panels: No title will no longer make panel header take up space. + Prometheus: Adds tracing headers for Prometheus datasource. + Provisioning: Add API endpoint to reload provisioning configs. + Provisioning: Do not allow deletion of provisioned dashboards. + Provisioning: Interpolate env vars in provisioning files. + Security: Add new setting allow_embedding. + Security: Store datasource passwords encrypted in secureJsonData. + UX: Improve Grafana usage for smaller screens. + Units: Add angle units, Arc Minutes and Seconds. - Update to version 6.1.6 * Security: Bump jQuery to 3.4.0 * Playlist: Fix loading dashboards by tag. - Update to version 6.0.2: * Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680 * Improved error handling when rendering dashboard panels, fixes #15913 * fix allow anonymous server bind for ldap search * add nil/length check when delete old login attempts * fix discord notifier so it doesn't crash when there are no image generated * fix only users that can edit a dashboard should be able to update panel json * move to new component to handle focus * added state to not set focus on search every render * Snapshots update * Use app config directly in ButtonRow instead of passing datasources page URL via prop * Update snapshots * Fixed url of back button in datasource edit page, when root_url configured * release: Bumped version - Update to version 6.0.1: * Bug Fixes: + utils: show string errors + Viewers with viewers_can_edit should be able to access /explore + log phantomjs output even if it timeout and include orgId when render alert - Update to version 6.0.0: * Breaking Changes: + Text Panel: The text panel does no longer by default allow unsantizied HTML. This means that if you have text panels with scripts tags they will no longer work as before. To enable unsafe javascript execution in text panels enable the settings disable_sanitize_html under the section [panels] in your Grafana ini file, or set env variable GF_PANELS_ABLE_SANITIZE_HTML=true. + Dashboard: Panel property minSpan replaced by maxPerRow. Dashboard migration will automatically migrate all dashboard panels using the minSpan property to the new maxPerRow property + Internal Metrics Edition has been added to the build_info metric. This will break any Graphite queries using this metric. Edition will be a new label for the Prometheus metric. * New Features: + Alerting: Adds support for Google Hangouts Chat notifications + Elasticsearch: Support bucket script pipeline aggregations + Influxdb: Add support for time zone (tz) clause + Snapshots: Enable deletion of public snapshot + Provisioning: Provisioning support for alert notifiers + Explore: A whole new way to do ad-hoc metric queries and exploration. Split view in half and compare metrics & logs and much much more. Read more here + Auth: Replace remember me cookie solution for Grafana's builtin, LDAP and OAuth authentication with a solution based on short-lived tokens + AzureMonitor: Enable alerting by converting Azure Monitor API to Go + Explore A new query focused workflow for ad-hoc data exploration and troubleshooting. + Grafana Loki Integration with the new open source log aggregation system from Grafana Labs. + Gauge Panel A new standalone panel for gauges. + New Panel Editor UX improves panel editing and enables easy switching between different visualizations. + Google Stackdriver Datasource is out of beta and is officially released. + React Plugin support enables an easier way to build plugins. + Named Colors in our new improved color picker. + Removal of user session storage makes Grafana easier to deploy & improves security. * Bug Fixes: + Metrics: Fixes broken usagestats metrics for /metrics + Dashboard: Fixes kiosk mode should have &kiosk appended to the url + Dashboard: Fixes kiosk=tv mode with autofitpanels should respect header + Image rendering: Fixed image rendering issue for dashboards with auto refresh, + Dashboard: Fix only users that can edit a dashboard should be able to update panel json. + LDAP: fix allow anonymous initial bind for ldap search. + UX: Fixed scrollbar not visible initially (only after manual scroll). + Datasource admin TestData + Dashboard: Fixed scrolling issue that caused scroll to be locked to bottom. + Explore: Viewers with viewers_can_edit should be able to access /explore. + Security fix: limit access to org admin and alerting pages. + Panel Edit minInterval changes did not persist + Teams: Fixed bug when getting teams for user. + Stackdriver: fix for float64 bounds for distribution metrics + Stackdriver: no reducers available for distribution type + Influxdb: Add support for alerting on InfluxDB queries that use the non_negative_difference function + Alerting: Fix percent_diff calculation when points are nulls + Alerting: Fixed handling of alert urls with true flags + Gauge: Fix issue with gauge requests being cancelled + Gauge: Accept decimal inputs for thresholds + UI: Fix error caused by named colors that are not part of named colors palette + Search: Bug pressing special regexp chars in input fields + Permissions: No need to have edit permissions to be able to "Save as" + Search: Fix for issue with scrolling the "tags filter" dropdown + Prometheus: Query for annotation always uses 60s step regardless of dashboard range + Annotations: Fix creating annotation when graph panel has ata points position the popup outside viewport + Piechart/Flot: Fixes multiple piechart instances with donut bug + plus many minor changes and fixes - Update to version 5.4.3: * Fixes: + Alerting Invalid frequency causes division by zero in alert scheduler + Dashboard Dashboard links do not update when time range changes + Limits Support more than 1000 datasources per org + Backend fix signed in user for orgId=0 result should return active org id + Provisioning Adds orgId to user dto for provisioned dashboards - Update to version 5.4.2: * Fixes: + Datasource admin: Fix for issue creating new data source when same name exists + OAuth: Fix for oauth auto login setting, can now be set using env variable + Dashboard search: Fix for searching tags in tags filter dropdown. - Update to version 5.4.1: * Fixes: + Stackdriver: Fixes issue with data proxy and Authorization header + Units: fixedUnit for Flow:l/min and mL/min + Logging: Fix for issue where data proxy logged a secret when debug logging was enabled, now redacted. + InfluxDB: Add support for alerting on InfluxDB queries that use the cumulative_sum function. + Plugins: Panel plugins should no receive the panel-initialized event again as usual. + Embedded Graphs: Iframe graph panels should now work as usual. + Postgres: Improve PostgreSQL Query Editor if using different Schemas, + Quotas: Fixed for updating org & user quotas. + Cloudwatch: Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate to auto complete list. + Dashboard Search: Fixed filtering by tag issues. + Graph: Fixed time region issues, + Graph: Fixed issue with series color picker popover being placed outside window. - Update to version 5.4.0: * Breaking Changes: + Postgres/MySQL/MSSQL datasources now per default uses max open connections = unlimited (earlier 10), max idle connections = 2 (earlier 10) and connection max lifetime = 4 hours (earlier unlimited). * Features: + Alerting: Introduce alert debouncing with the FOR setting. + Alerting: Option to disable OK alert notifications + Postgres/MySQL/MSSQL: Adds support for configuration of max open/idle connections and connection max lifetime. Also, panels with multiple SQL queries will now be executed concurrently + MySQL: Graphical query builder + MySQL: Support connecting thru Unix socket for MySQL datasource + MSSQL: Add encrypt setting to allow configuration of how data sent between client and server are encrypted + Stackdriver: Not possible to authenticate using GCE metadata server + Teams: Team preferences (theme, home dashboard, timezone) support + Graph: Time regions support enabling highlight of weekdays and/or certain timespans + OAuth: Automatic redirect to sign-in with OAuth + Stackdriver: Template query editor * Fixes: + Cloudwatch: Fix invalid time range causes segmentation fault + Cloudwatch: AWS/CodeBuild metrics and dimensions + MySQL: Fix $__timeFrom() and $__timeTo() should respect local time zone + Graph: Fix legend always visible even if configured to be hidden + Elasticsearch: Fix regression when using datasource version 6.0+ and alerting - Update to version 5.3.4: * minor bug fixes - Fix patch novnc-1.0.0-fix-interpreter.patch * Renamed to patch novnc-1.1.0-fix-interpreter.patch - Update to 1.1.0: Application: * New translations for Russian, Korean, Czech and Chinese (traditional) languages * Fixed an issue where you didn't get scrollbn your browser on Windows if you had a touch screen. * Added the Super/Windows key to the toolbar. * Added an option to show a dot when there otherwise wouldn't be a visible cursor. * View drag is no longer available when in scaling mode. Library: * A large number of coding style changes has been made to make the code easier to read and better to work with. * Many keyboard issues has been fixed. * Local cursor is now available on all platforms. * Fixed a number of crashes related to clipboard. * Fixed issues that occurred if data from the server was being received slowly. * A problem has been fixed where the display module would incorrectly handle high DPI systems causing scrollbars to show when they shouldn't. - require python3-websockify for recent distros (bsc#1119737) - Update to version cinder-13.0.7.dev16: * Dell EMC SC: Handle the mappings of multiattached volume - Update to version cinder-13.0.7.dev14: * 3PAR: Add config for NSP single path attach - Update to version cinder-13.0.7.dev12: * Fix VolumeAttachment is not bound to a Session * Fix ceph: only close rbd image after snapshot iteration is finished - Update to version cinder-13.0.7.dev8: * Fix NFS volume retype with migrate - Update to version cinder-13.0.7.dev7: * Remove experimental openSUSE 42.3 job - Update to version cinder-13.0.7.dev5: * Fixing 404's and broken links - Update to version cinder-13.0.7.dev16: * Dell EMC SC: Handle the mappings of multiattached volume - Update to version cinder-13.0.7.dev14: * 3PAR: Add config for NSP single path attach - Update to version cinder-13.0.7.dev12: * Fix VolumeAttachment is not bound to a Session * Fix ceph: only close rbd image after snapshot iteration is finished - Update to version cinder-13.0.7.dev8: * Fix NFS volume retype with migrate - Update to version cinder-13.0.7.dev7: * Remove experimental openSUSE 42.3 job - Update to version cinder-13.0.7.dev5: * Fixing 404's and broken links - Update to version horizon-14.0.4.dev11: * Fix listing security groups when no rules - Update to version horizon-14.0.4.dev9: * Fix quoting in zuul for tempest plugins * Allow creating ICMPV6 rules - Update to version horizon-14.0.4.dev6: * Ensure to call patch\_middleware\_get\_user() in api.test\_base - Update to version horizon-14.0.4.dev5: * Fixing broken links - Update to version designate-7.0.1.dev22: * Fixing 404 link - Update to version designate-7.0.1.dev22: * Fixing 404 link - Update to version glance-17.0.1.dev30: * Fix manpage building and remove glance-cache-manage - Update to version glance-17.0.1.dev28: * Fix doc build after removal of glance-cache-manage man page - Update to version glance-17.0.1.dev26: * Updating Ceph 404 URLs - Update to version glance-17.0.1.dev24: * Remove experimental openSUSE 42.3 job * OpenDev Migration Patch - Update to version glance-17.0.1.dev22: * Failure in web-dowload kept image in importing state * Replace openstack.org git:// URLs with https:// * Data remains in staging area if 'file' store is not enabled * Removed glancecachemanage.rst and updated header.txt - Update to version glance-17.0.1.dev30: * Fix manpage building and remove glance-cache-manage - Rebased patches: + 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch dropped (merged upstream) - Update to version glance-17.0.1.dev28: * Fix doc build after removal of glance-cache-manage man page - Update to version glance-17.0.v26: * Updating Ceph 404 URLs - Update to version glance-17.0.1.dev24: * Remove experimental openSUSE 42.3 job * OpenDev Migration Patch - Add 0001-Drop-glance-cache-manage-entrypoint-from-setup.cfg.patch (SOC-6366) This removes the broken entrypoint for /usr/bin/glance-cache-manage The code behind the executable was already removed upstream so the executable was not usable - Update to version glance-17.0.1.dev22: * Failure in web-dowload kept image in importing state * Replace openstack.org git:// URLs with https:// * Data remains in staging area if 'file' store is not enabled * Removed glancecachemanage.rst and updated header.txt - Add 0001-Fix-manpage-building-and-remove-glance-cache-manage.patch This fixes the manpage build which is needed after the removal of glancecachemanage.rst by upstream - Update to version openstack-heat-11.0.3.dev23: * Add retries when loading keystone data and fetching endpoints - Update to version openstack-heat-11.0.3.dev22: * Use connect\_retries when creating clients - Update to version openstack-heat-11.0.3.dev20: * Add retry for sync\_point\_update\_input\_data - Update to version openstack-heat-11.0.3.dev23: * Add retries when loading keystone data and fetching endpoints - Update to version openstack-heat-11.0.3.dev22: * Use connect\_retries when creating clients - Update to version openstack-heat-11.0.3.dev20: * Add retry for sync\_point\_update\_input\_data - Include heat_policy.json (bsc#1152032) * Fixed the unexpected error in Horizon when Heat dashboard is enabed - update to version 1.14.1~dev9 - Hide Graph Metric action of alarm when Grafana is not available - OpenDev Migration Patch - Update to version ironic-11.1.4.dev15: * Fix typo in handling of exception FailedToGetIPAddressOnPort - Update to version ironic-11.1.4.dev14: * DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver * iLO firmware update fails with 'update\_firmware\_sum' clean step - Update to version ironic-11.1.4.dev10: * CI: remove quotation marks from TEMPEST\_PLUGINS variable - Update to version ironic-11.1.4.dev15: * Fix typo in handling of exception FailedToGetIPAddressOnPort - Update to version ironic-11.1.4.dev14: * DRAC: Fix OOB introspection to use pxe\_enabled flag in idrac driver * iLO firmware update fails with 'update\_firmware\_sum' clean step - Update to version ironic-11.1.4.dev10: * CI: remove quotation marks from TEMPEST\_PLUGINS variable - Update to version ironic-python-agent-3.3.3.dev5: * Fix compatibility with Pint 0.5 - Update to version keystone-14.1.1.dev16: * Fixing 404 URLs for Rocky - Update to version keystone-14.1.1.dev15: * Updating mapping rule link - Update to version keystone-14.1.1.dev13: * Fix python3 compatibility on LDAP search DN from id * Fixing dn\_to\_id function for cases were id is not in the DN - Update to version keystone-14.1.1.dev9: * Remove experimental openSUSE 42.3 job - Update to version keystone-14.1.1.dev16: * Fixing 404 URLs for Rocky - Update to version keystone-14.1.1.dev15: * Updating mapping rule link - Update to version keystone-14.1.1.dev13: * Fix python3 compatibility on LDAP search DN from id * Fixing dn\_to\_id function for cases were id is not in the DN - Update to version keystone-14.1.1.dev9: * Remove experimental openSUSE 42.3 job - Update to version manila-7.3.1.dev6: * Unmount NetApp active share after replica promote - Update to version manila-7.3.1.dev4: * Fixing broken links - Updateon manila-7.3.1.dev6: * Unmount NetApp active share after replica promote - Update to version manila-7.3.1.dev4: * Fixing broken links - Update to version neutron-13.0.5.dev50: * DVR: Cleanup ml2 dvr portbindings on migration - Update to version neutron-13.0.5.dev49: * Avoid unnecessary operation of ovsdb and flows - Update to version neutron-13.0.5.dev48: * Increase timeouts for OVSDB in functional tests - Update to version neutron-13.0.5.dev46: * Fix creation of vlan network with segmentation\_id set to 0 * Add info log about ready DHCP config for ports - Update to version neutron-13.0.5.dev42: * Check the namespace is ready in test\_mtu\_update tests * Create \_mech\_context before delete to avoid race - Update to version neutron-13.0.5.dev39: * ML2 plugin: extract and postpone limit in port query * Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds - Update to version neutron-13.0.5.dev35: * Use created subnet in port generator in "test\_port\_ip\_update\_revises" - Update to version neutron-13.0.5.dev34: * Increase number of retries in \_process\_trunk\_subport\_bindings - Update to version neutron-13.0.5.dev33: * Filter placement API endpoint by type too - Update to version neutron-13.0.5.dev31: * Remove experimental openSUSE 42.3 job * Initialize phys bridges before setup\_rpc * Populate binding levels when concurrent ops fail * Make sure the port still in port map when prepare\_port\_filter * [DVR] Add lock during creation of FIP agent gateway port - Update to version neutron-13.0.5.dev50: * DVR: Cleanup ml2 dvr portbindings on migration - Update to version neutron-13.0.5.dev49: * Avoid unnecessary operation of ovsdb and flows - Update to version neutron-13.0.5.dev48: * Increase timeouts for OVSDB in functional tests - Update to version neutron-13.0.5.dev46: * Fix creation of vlan network with segmentation\_id set to 0 * Add info log about ready DHCP config for ports - Update to version neutron-13.0.5.dev42: * Check the namespace is ready in test\_mtu\_update tests * Create \_mech\_context before delete to avoid race - Update to version neutron-13.0.5.dev39: * ML2 plugin: extract and postpone limit in port query * Increase TestDhcpAgentHA.agent\_down\_time to 30 seconds - Update to version neutron-13.0.5.dev35: * Use created subnet in port generator in "test\_port\_ip\_update\_revises" - Update to version neutron-13.0.5.dev34: * Increase number of retries in \_process\_trunk\_subport\_bindings - Update to version neutron-13.0.5.dev33: * Filter placement API endpoint by type too - Update to version neutron-13.0.5.dev31: * Remove experimental openSUSE 42.3 job * Initialize phys bridges before setup\_rpc * Populate binding levels when concurrent ops fail * Make sure the port still in port map when prepare\_port\_filter * [DVR] Add lock during creation of FIP agent gateway port - Update to version group-based-policy-5.0.1.dev472: * [AIM] Fix HAIP RPC query - Update to version group-based-policy-5.0.1.dev471: * Fix implicit ICMPv6 Security Group Rules - Update to version group-based-policy-5.0.1.dev470: * Fixed snat port status to be ACTIVE and UP - Update to version group-based-policy-5.0.1.dev468: * Revert "Make DHCP provisioning blocks conditional" * Some refactoring regarding merge aim statuses - Update to version group-based-policy-5.0.1.dev464: * Verify aim\_epg exists before proceeding - Update to version group-based-policy-5.0.1.dev462: * Bulk extension support for - Update to version group-based-policy-5.0.1.dev461: * [AIM] Eliminate redundant router extension content - Update to version group-based-policy-5.0.1.dev460: * Fix for Commit 564905e49a0d418bc891f12b560e291a9fdc4acb 1. The method \_track\_connectivity returns nothing, so, self.track\_success is updated in the method itself - Update to version nova-18.2.3.dev22: * lxc: make use of filter python3 compatible * Fix rebuild of baremetal instance when vm\_state is ERROR * Fix wrong assertions in unit tests * Fix 'has\_calls' method calls in unit tests * Fix non-existent method of Mock * Retrun 400 if invalid query parameters are specified - Update to version nova-18.2.3.dev10: * doc: Fix a broken reference link - Update to version nova-18.2.3.dev9: * Restore soft-deleted compute node with same uuid * Add functional regression recreate test for bug 1839560 * rt: only map compute node if we created it - Update to version nova-18.2.3.dev3: * Remove experimental job on openSUSE 42.3 - Update to version nova-18.2.3.dev2: * Fix misuse of nova.objects.base.obj\_equal\_prims 18.2.2 * Don't generate service UUID for deleted services * Add 'path' query parameter to console access url * Replace non-nova server fault message * Avoid logging traceback when detach device not found * Fix python3 compatibility of rbd get\_fsid * Add functional regression test for bug 1778305 * Add functional recreate test for bug 1764556 * Cleanup when hitting MaxRetriesExceeded from no host\_available * Add functional regression test for bug 1837955 * Revert "[libvirt] Filter hypervisor\_type by virt\_type" * Avoid crashing while getting libvirt capabilities with unknown arch names * libvirt: move checking CONF.my\_ip to init\_host() * Revert resize: wait for events according to hybrid plug * docs: Correct issues with 'openstack quota set' commands * doc: Fix a parameter of NotificationPublisher * Perf: Use dicts for ProviderTree roots * Fix type error on call to mount device * Drop source node allocations if finish\_resize fails * Add functional recreate test for regression bug 1825537 * Stabilize unshelve notification sample tests * Ignore hw\_vif\_type for direct, direct-physical vNIC types * Fix double word hacking test * Disable limit if affinity(anti)/same(different)host is requested * Delete resource providers for all nodes when deleting compute service - Update to version nova-18.2.3.dev22: * lxc: make use of filter python3 compatible * Fix rebuild of baremetal instance when vm\_state is ERROR * Fix wrong assertions in unit tests * Fix 'has\_calls' method calls in unit tests * Fix non-existent method of Mock * Retrun 400 if invalid query parameters are specified - Update to version nova-18.2.3.dev10: * doc: Fix a broken reference link - Allow to attach more than 26 volumes (bsc#1118900) * This is a forward port from SOC7 * Add 0001-Add-method-to-generate-device-names-universally.patch * Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch * Add 0003-Add-configuration-of-maximum-disk-devices-to-attach.patch - Update to version nova-18.2.3.dev9: * Restore soft-deleted compute node with same uuid * Add functional regression recreate test for bug 1839560 * rt: only map compute node if we created it - Update to version nova-18.2.3.dev3: * Remove experimental job on openSUSE 42.3 - Update to version nova-18.2.3.dev2: * Fix misuse of nova.objects.base.obj\_equal\_prims * Don't generate service UUID fed services * Add 'path' query parameter to console access url * Replace non-nova server fault message * Avoid logging traceback when detach device not found * Fix python3 compatibility of rbd get\_fsid * Add functional regression test for bug 1778305 * Add functional recreate test for bug 1764556 * Cleanup when hitting MaxRetriesExceeded from no host\_available * Add functional regression test for bug 1837955 * Revert "[libvirt] Filter hypervisor\_type by virt\_type" * Avoid crashing while getting libvirt capabilities with unknown arch names * libvirt: move checking CONF.my\_ip to init\_host() * Revert resize: wait for events according to hybrid plug * docs: Correct issues with 'openstack quota set' commands * doc: Fix a parameter of NotificationPublisher * Perf: Use dicts for ProviderTree roots * Fix type error on call to mount device * Drop source node allocations if finish\_resize fails * Add functional recreate test for regression bug 1825537 * Stabilize unshelve notification sample tests * Ignore hw\_vif\_type for direct, direct-physical vNIC types * Fix double word hacking test * Disable limit if affinity(anti)/same(different)host is requested * Delete resource providers for all nodes when deleting compute service - remove 0001-Skip-to-remove-resource-provider-if-compute-node-not.patch: was only for an internal problem that we solved otherwise, and didn't go upstream. - Update to version octavia-3.1.2.dev45: * Fix member API handling of None/null updates - Update to version octavia-3.1.2.dev43: * Validate server\_certs\_key\_passphrase is 32 chars * Work around strptime threading issue * Fix base (VRRP) port abandoned on revert - Update to version octavia-3.1.2.dev38: * Do not run non-voting jobs in gate * Fix l7rule API handling of None updates * Fix template that generates vrrp check script * elements: add arch property for \`\`open-vm-tools\`\` - Update to version octavia-3.1.2.dev30: * Prevent UDP LBs to use different IP protocol versions in amphora driver * Fixed down server issue after reloading keepalived * Fixed pool and members status with UDP loadbalancers * Add support for monitor\_{address,port} in UDP members * Fix auto setup Barbican's ACL in the legacy driver - Update to version octavia-3.1.2.dev20: * Fix L7 repository create methods - Update to version octavia-3.1.2.dev18: * Add warning log if auth\_strategy is not keystone - Update to version octavia-3.1.2.dev16: * Add failover logging to show the amphora details - Update to version octavia-3.1.2.dev14: * Revert "Use the infra pypi mirror for DIB" - Update to version octavia-3.1.2.dev12: * Use the infra pypi mirror for DIB - Update to version octavia-3.1.2.dev10: * only rollback DB when we have a connection to the DB - Update to version octavia-3.1.2.dev9: * worker: Re-add FailoverPreparationForAmphora - Update to version sahara-9.0.2.dev12: * Fixing broken links and removing outdated driver * Fix requirements (bandit, sphinx) * OpenDev Migration Patch - Update to version sahara-9.0.2.dev12: * Fixing broken links and removing outdated driver * Fix requirements (bandit, sphinx) * OpenDev Migration Patch - Add 0001-Handle-path-query-parameter-for-test_novnc.patch - update to version 1.12.1~dev19 - fix test failure with ironic client - OpenDev Migration Patch - pass default_config_dirs variable for config initialization. - Update Dependencies. There are number of client packages that are required by watcher ino function correctly. (SOC-4183) - update to version 1.12.1~dev15 - Provide two arguments to exception's message - Replace openstack.org git:// URLs with https:// - set watcherclient no voting - Access to action's uuid by key - make ceilometer client import optional - add the systemd unit files for openstack-watcher-api, openstack-watcher-applier, and openstack-watcher-decision-engine - Update to version 9.0+git.1568955483.5f039e4: * subnet/netmaks OR cidr are acceptable in baremetal input model (SOC-10615) - added 0001-Remove-redundant-cleanups-in-test_volume_backup.patch and 0001-GET-backup-before-asserting-volume_id-and-snapshot_id.patch - Add missing dependency on python-six (bsc#1150895) rubygem-easy_diff: - updated to version 1.0.0 - Unmerge Arrays containing Hashes - Handle duplicate values in arrays correctly - updated to version 0.0.6 - Fix merging arrays of hashes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2562=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2562=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-ha-6.0+git.1567673476.1342c3d-3.10.1 crowbar-openstack-6.0+git.1569805311.a94583476-3.10.1 crowbar-ui-1.3.0+git.1568396400.0344a727-11.1 grafana-monasca-ui-drilldown-1.14.1~dev9-3.6.1 novnc-1.1.0-3.3.1 openstack-cinder-13.0.7~dev16-3.10.2 openstack-cinder-api-13.0.7~dev16-3.10.2 openstack-cinder-backup-13.0.7~dev16-3.10.2 openstack-cinder-scheduler-13.0.7~dev16-3.10.2 openstack-cinder-volume-13.0.7~dev16-3.10.2 openstack-dashboard-14.0.4~dev11-3.6.2 openstack-designate-7.0.1~dev22-3.10.2 openstack-designate-agent-7.0.1~dev22-3.10.2 openstack-designate-api-7.0.1~dev22-3.10.2 openstack-designate-central-7.0.1~dev22-3.10.2 openstack-designate-producer-7.0.1~dev22-3.10.2 openstack-designate-sink-7.0.1~dev22-3.10.2 openstack-designate-worker-7.0.1~dev22-3.10.2 openstack-glance-17.0.1~dev30-3.3.2 openstack-glance-api-17.0.1~dev30-3.3.2 openstack-heat-11.0.3~dev23-3.10.2 openstack-heat-api-11.0.3~dev23-3.10.2 openstack-heat-api-cfn-11.0.3~dev23-3.10.2 openstack-heat-engine-11.0.3~dev23-3.10.2 openstack-heat-plugin-heat_docker-11.0.3~dev23-3.10.2 openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.6.1 openstack-horizon-plugin-monasca-ui-1.14.1~dev9-3.6.1 openstack-ironic-11.1.4~dev15-3.10.2 openstack-ironic-api-11.1.4~dev15-3.10.2 openstack-ironic-conductor-11.1.4~dev15-3.10.2 openstack-ironic-python-agent-3.3.3~dev5-3.10.2 openstack-keystone-14.1.1~dev16-3.10.2 openstack-manila-7.3.1~dev6-4.10.2 openstack-manila-api-7.3.1~dev6-4.10.2 openstack-manila-data-7.3.1~dev6-4.10.2 openstack-manila-scheduler-7.3.1~dev6-4.10.2 openstack-manila-share-7.3.1~dev6-4.10.2 openstack-neutron-13.0.5~dev50-3.10.2 openstack-neutron-dhcp-agent-13.0.5~dev50-3.10.2 openstack-neutron-gbp-5.0.1~dev472-3.10.2 openstack-neutron-ha-tool-13.0.5~dev50-3.10.2 openstack-neutron-l3-agent-13.0.5~dev50-3.10.2 openstack-neutron-linuxbridge-agent-13.0.5~dev50-3.10.2 openstack-neutron-macvtap-agent-13.0.5~dev50-3.10.2 openstack-neutron-metadata-agent-13.0.5~dev50-3.10.2 openstack-neutron-metering-agent-13.0.5~dev50-3.10.2 openstack-neutron-openvswitch-agent-13.0.5~dev50-3.10.2 openstack-neutron-server-13.0.5~dev50-3.10.2 openstack-nova-18.2.3~dev22-3.10.2 openstack-nova-api-18.2.3~dev22-3.10.2 openstack-nova-cells-18.2.3~dev22-3.10.2 openstack-nova-compute-18.2.3~dev22-3.10.2 openstack-nova-conductor-18.2.3~dev22-3.10.2 openstack-nova-console-18.2.3~dev22-3.10.2 openstack-nova-novncproxy-18.2.3~dev22-3.10.2 openstack-nova-placement-api-18.2.3~dev22-3.10.2 openstack-nova-scheduler-18.2.3~dev22-3.10.2 openstack-nova-serialproxy-18.2.3~dev22-3.10.2 openstack-nova-vncproxy-18.2.3~dev22-3.10.2 openstack-octavia-3.1.2~dev45-3.10.2 openstack-octavia-amphora-agent-3.1.2~dev45-3.10.2 openstack-octavia-api-3.1.2~dev45-3.10.2 openstack-octavia-health-manager-3.1.2~dev45-3.10.2 openstack-octavia-housekeeping-3.1.2~dev45-3.10.2 openstack-octavia-worker-3.1.2~dev45-3.10.2 openstack-sahara-9.0.2~dev12-3.3.2 openstack-sahara-api-9.0.2~dev12-3.3.2 openstack-sahara-engine-9.0.2~dev12-3.3.2 openstack-tempest-19.0.0-15.2 openstack-tempest-test-19.0.0-15.2 openstack-watcher-1.12.1~dev19-4.3.2 openstack-watcher-doc-1.12.1~dev19-4.3.2 python-cinder-13.0.7~dev16-3.10.2 python-cinder-tempest-plugin-0.1.0-11.1 python-designate-7.0.1~dev22-3.10.2 python-glance-17.0.1~dev30-3.3.2 python-heat-11.0.3~dev23-3.10.2 python-horizon-14.0.4~dev11-3.6.2 python-horizon-plugin-heat-ui-1.4.1~dev4-4.6.1 python-horizon-plugin-monasca-ui-1.14.1~dev9-3.6.1 python-ironic-11.1.4~dev15-3.10.2 python-keystone-14.1.1~dev16-3.10.2 python-manila-7.3.1~dev6-4.10.2 python-neutron-13.0.5~dev50-3.10.2 python-neutron-gbp-5.0.1~dev472-3.10.2 python-nova-18.2.3~dev22-3.10.2 python-octavia-3.1.2~dev45-3.10.2 python-openstack_auth-14.0.4~dev11-3.6.2 python-sahara-9.0.2~dev12-3.3.2 python-tempest-19.0.0-15.2 python-urllib3-1.23-3.9.1 python-watcher-1.12.1~dev19-4.3.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1569587091.3f083d63c-3.10.1 crowbar-core-branding-upstream-6.0+git.1569587091.3f083d63c-3.10.1 grafana-6.2.5-3.6.1 grafana-debuginfo-6.2.5-3.6.1 ruby2.1-rubygem-easy_diff-1.0.0-4.3.2 - SUSE OpenStack Cloud 9 (noarch): ansible1-1.9.6-9.3.1 ardana-ansible-9.0+git.1568385829.54601ac-3.10.1 ardana-cluster-9.0+git.1568150980.027f167-3.10.1 ardana-db-9.0+git.1568382922.6f2cea4-3.10.1 ardana-extensions-nsx-9.0+git.1568830037.2eea267-11.1 ardana-glance-9.0+git.1567000146.4569d10-3.10.1 ardana-input-model-9.0+git.1566409257.eec6360-3.10.1 ardana-installer-ui-9.0+git.1569535129.ca87ef0-3.10.1 ardana-installer-ui-debugsource-9.0+git.1569535129.ca87ef0-3.10.1 ardana-manila-9.0+git.1568835830.10c9689-3.6.1 ardana-monasca-9.0+git.1567695427.5974ab2-3.10.1 ardana-neutron-9.0+git.1568817582.a4813e2-3.10.1 ardana-nova-9.0+git.1567630824.aa6dc2d-3.10.1 ardana-octavia-9.0+git.1568362662.7fba216-3.10.1 ardana-opsconsole-ui-9.0+git.1566593422.813e56c-4.10.1 ardana-osconfig-9.0+git.1567630791.5ca70a6-3.10.1 ardana-service-9.0+git.1569439941.6800991-3.10.1 ardana-tls-9.0+git.1569257240.456c4fc-3.6.1 grafana-monasca-ui-drilldown-1.14.1~dev9-3.6.1 novnc-1.1.0-3.3.1 openstack-cinder-13.0.7~dev16-3.10.2 openstack-cinder-api-13.0.7~dev16-3.10.2 openstack-cinder-backup-13.0.7~dev16-3.10.2 openstack-cinder-scheduler-13.0.7~dev16-3.10.2 openstack-cinder-volume-13.0.7~dev16-3.10.2 openstack-dashboard-14.0.4~dev11-3.6.2 openstack-designate-7.0.1~dev22-3.10.2 openstack-designate-agent-7.0.1~dev22-3.10.2 openstack-designate-api-7.0.1~dev22-3.10.2 openstack-designate-central-7.0.1~dev22-3.10.2 openstack-designate-producer-7.0.1~dev22-3.10.2 openstack-designate-sink-7.0.1~dev22-3.10.2 openstack-designate-worker-7.0.1~dev22-3.10.2 openstack-glance-17.0.1~dev30-3.3.2 openstack-glance-api-17.0.1~dev30-3.3.2 openstack-heat-11.0.3~dev23-3.10.2 openstack-heat-api-11.0.3~dev23-3.10.2 openstack-heat-api-cfn-11.0.3~dev23-3.10.2 openstack-heat-engine-11.0.3~dev23-3.10.2 openstack-heat-plugin-heat_docker-11.0.3~dev23-3.10.2 openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.6.1 openstack-horizon-plugin-monasca-ui-1.14.1~dev9-3.6.1 openstack-ironic-11.1.4~dev15-3.10.2 openstack-ironic-api-11.1.4~dev15-3.10.2 openstack-ironic-conductor-11.1.4~dev15-3.10.2 openstack-ironic-python-agent-3.3.3~dev5-3.10.2 openstack-keystone-14.1.1~dev16-3.10.2 openstack-manila-7.3.1~dev6-4.10.2 openstack-manila-api-7.3.1~dev6-4.10.2 openstack-manila-data-7.3.1~dev6-4.10.2 openstack-manila-scheduler-7.3.1~dev6-4.10.2 openstack-manila-share-7.3.1~dev6-4.10.2 openstack-neutron-13.0.5~dev50-3.10.2 openstack-neutron-dhcp-agent-13.0.5~dev50-3.10.2 openstack-neutron-gbp-5.0.1~dev472-3.10.2 openstack-neutron-ha-tool-13.0.5~dev50-3.10.2 openstack-neutron-l3-agent-13.0.5~dev50-3.10.2 openstack-neutron-linuxbridge-agent-13.0.5~dev50-3.10.2 openstack-neutron-macvtap-agent-13.0.5~dev50-3.10.2 openstack-neutron-metadata-agent-13.0.5~dev50-3.10.2 openstack-neutron-metering-agent-13.0.5~dev50-3.10.2 openstack-neutron-openvswitch-agent-13.0.5~dev50-3.10.2 openstack-neutron-server-13.0.5~dev50-3.10.2 openstack-nova-18.2.3~dev22-3.10.2 openstack-nova-api-18.2.3~dev22-3.10.2 openstack-nova-cells-18.2.3~dev22-3.10.2 openstack-nova-compute-18.2.3~dev22-3.10.2 openstack-nova-conductor-18.2.3~dev22-3.10.2 openstack-nova-console-18.2.3~dev22-3.10.2 openstack-nova-novncproxy-18.2.3~dev22-3.10.2 openstack-nova-placement-api-18.2.3~dev22-3.10.2 openstack-nova-scheduler-18.2.3~dev22-3.10.2 openstack-nova-serialproxy-18.2.3~dev22-3.10.2 openstack-nova-vncproxy-18.2.3~dev22-3.10.2 openstack-octavia-3.1.2~dev45-3.10.2 openstack-octavia-amphora-agent-3.1.2~dev45-3.10.2 openstack-octavia-api-3.1.2~dev45-3.10.2 openstack-octavia-health-manager-3.1.2~dev45-3.10.2 openstack-octavia-housekeeping-3.1.2~dev45-3.10.2 openstack-octavia-worker-3.1.2~dev45-3.10.2 openstack-sahara-9.0.2~dev12-3.3.2 openstack-sahara-api-9.0.2~dev12-3.3.2 openstack-sahara-engine-9.0.2~dev12-3.3.2 openstack-tempest-19.0.0-15.2 openstack-tempest-test-19.0.0-15.2 openstack-watcher-1.12.1~dev19-4.3.2 openstack-watcher-doc-1.12.1~dev19-4.3.2 python-ardana-configurationprocessor-9.0+git.1568955483.5f039e4-3.11.1 python-cinder-13.0.7~dev16-3.10.2 python-cinder-tempest-plugin-0.1.0-11.1 python-designate-7.0.1~dev22-3.10.2 python-glance-17.0.1~dev30-3.3.2 python-heat-11.0.3~dev23-3.10.2 python-horizon-14.0.4~dev11-3.6.2 python-horizon-plugin-heat-ui-1.4.1~dev4-4.6.1 python-horizon-plugin-monasca-ui-1.14.1~dev9-3.6.1 python-ironic-11.1.4~dev15-3.10.2 python-keystone-14.1.1~dev16-3.10.2 python-manila-7.3.1~dev6-4.10.2 python-neutron-13.0.5~dev50-3.10.2 python-neutron-gbp-5.0.1~dev472-3.10.2 python-nova-18.2.3~dev22-3.10.2 python-octavia-3.1.2~dev45-3.10.2 python-openstack_auth-14.0.4~dev11-3.6.2 python-sahara-9.0.2~dev12-3.3.2 python-tempest-19.0.0-15.2 python-urllib3-1.23-3.9.1 python-watcher-1.12.1~dev19-4.3.2 venv-openstack-barbican-x86_64-7.0.1~dev18-3.9.1 venv-openstack-cinder-x86_64-13.0.7~dev16-3.9.1 venv-openstack-designate-x86_64-7.0.1~dev22-3.9.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.9.1 venv-openstack-heat-x86_64-11.0.3~dev23-3.9.1 venv-openstack-horizon-x86_64-14.0.4~dev11-4.9.1 venv-openstack-ironic-x86_64-11.1.4~dev15-4.9.1 venv-openstack-keystone-x86_64-14.1.1~dev16-3.9.1 venv-openstack-magnum-x86_64-7.1.1~dev28-4.9.1 venv-openstack-manila-x86_64-7.3.1~dev6-3.9.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.9.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.9.1 venv-openstack-neutron-x86_64-13.0.5~dev50-6.9.1 venv-openstack-nova-x86_64-18.2.3~dev22-3.9.1 venv-openstack-octavia-x86_64-3.1.2~dev45-4.9.1 venv-openstack-sahara-x86_64-9.0.2~dev12-3.9.1 venv-openstack-swift-x86_64-2.19.2~dev1-2.6.1 - SUSE OpenStack Cloud 9 (x86_64): grafana-6.2.5-3.6.1 grafana-debuginfo-6.2.5-3.6.1 References: https://bugzilla.suse.com/1118900 https://bugzilla.suse.com/1119737 https://bugzilla.suse.com/1120657 https://bugzilla.suse.com/1140267 https://bugzilla.suse.com/1145967 https://bugzilla.suse.com/1147144 https://bugzilla.suse.com/1148158 https://bugzilla.suse.com/1150895 https://bugzilla.suse.com/1152032 From sle-security-updates at lists.suse.com Fri Oct 4 10:21:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 18:21:36 +0200 (CEST) Subject: SUSE-SU-2019:2561-1: moderate: Security update for openssl-1_0_0 Message-ID: <20191004162136.D6235F7C7@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2561-1 Rating: moderate References: #1131291 #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2561=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2561=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2561=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2561=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2561=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl1_0_0-hmac-1.0.2p-3.22.1 libopenssl1_0_0-steam-1.0.2p-3.22.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-cavs-1.0.2p-3.22.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debugsource-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libopenssl-1_0_0-devel-32bit-1.0.2p-3.22.1 libopenssl1_0_0-32bit-1.0.2p-3.22.1 libopenssl1_0_0-32bit-debuginfo-1.0.2p-3.22.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.22.1 libopenssl1_0_0-steam-32bit-1.0.2p-3.22.1 libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): openssl-1_0_0-doc-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenssl1_0_0-hmac-1.0.2p-3.22.1 libopenssl1_0_0-steam-1.0.2p-3.22.1 libopenssl1_0_0-steam-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-cavs-1.0.2p-3.22.1 openssl-1_0_0-cavs-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debugsource-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_0_0-doc-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.22.1 libopenssl1_0_0-1.0.2p-3.22.1 libopenssl1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-1.0.2p-3.22.1 openssl-1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debugsource-1.0.2p-3.22.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.22.1 libopenssl1_0_0-1.0.2p-3.22.1 libopenssl1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-1.0.2p-3.22.1 openssl-1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debugsource-1.0.2p-3.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl1_0_0-1.0.2p-3.22.1 libopenssl1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debuginfo-1.0.2p-3.22.1 openssl-1_0_0-debugsource-1.0.2p-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1131291 https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-security-updates at lists.suse.com Fri Oct 4 10:22:43 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 18:22:43 +0200 (CEST) Subject: SUSE-SU-2019:2559-1: moderate: Security update for nginx Message-ID: <20191004162243.61131F7BE@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2559-1 Rating: moderate References: #1145579 #1145580 #1145582 Cross-References: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579). - CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580). - CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2559=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2559=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): nginx-1.14.2-3.6.1 nginx-debuginfo-1.14.2-3.6.1 nginx-debugsource-1.14.2-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): vim-plugin-nginx-1.14.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9513.html https://www.suse.com/security/cve/CVE-2019-9516.html https://bugzilla.suse.com/1145579 https://bugzilla.suse.com/1145580 https://bugzilla.suse.com/1145582 From sle-security-updates at lists.suse.com Fri Oct 4 10:25:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 4 Oct 2019 18:25:18 +0200 (CEST) Subject: SUSE-SU-2019:2558-1: moderate: Security update for compat-openssl098 Message-ID: <20191004162518.EF30DF7BE@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2558-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-2558=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2558=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2558=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2558=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2019-2558=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2558=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-32bit-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.15.1 libopenssl0_9_8-0.9.8j-106.15.1 libopenssl0_9_8-32bit-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-0.9.8j-106.15.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.15.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-security-updates at lists.suse.com Tue Oct 8 07:12:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 15:12:32 +0200 (CEST) Subject: SUSE-SU-2019:2572-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15) Message-ID: <20191008131232.9BFB0F796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2572-1 Rating: important References: #1149841 #1151021 Cross-References: CVE-2019-14835 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.12.14-150_17 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2573=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2574=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2575=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2576=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2587=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2570=1 SUSE-SLE-Module-Live-Patching-15-2019-2572=1 SUSE-SLE-Module-Live-Patching-15-2019-2577=1 SUSE-SLE-Module-Live-Patching-15-2019-2578=1 SUSE-SLE-Module-Live-Patching-15-2019-2580=1 SUSE-SLE-Module-Live-Patching-15-2019-2581=1 SUSE-SLE-Module-Live-Patching-15-2019-2584=1 SUSE-SLE-Module-Live-Patching-15-2019-2585=1 SUSE-SLE-Module-Live-Patching-15-2019-2586=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2571=1 SUSE-SLE-Live-Patching-12-SP4-2019-2579=1 SUSE-SLE-Live-Patching-12-SP4-2019-2582=1 SUSE-SLE-Live-Patching-12-SP4-2019-2583=1 SUSE-SLE-Live-Patching-12-SP4-2019-2588=1 SUSE-SLE-Live-Patching-12-SP4-2019-2589=1 SUSE-SLE-Live-Patching-12-SP4-2019-2590=1 SUSE-SLE-Live-Patching-12-SP4-2019-2591=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-6-16.1 kernel-livepatch-4_12_14-197_10-default-2-2.1 kernel-livepatch-4_12_14-197_15-default-2-2.1 kernel-livepatch-4_12_14-197_4-default-5-2.1 kernel-livepatch-4_12_14-197_7-default-4-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_14-default-4-2.1 kernel-livepatch-4_12_14-150_14-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-150_17-default-4-2.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-150_22-default-3-2.1 kernel-livepatch-4_12_14-150_22-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-150_27-default-2-2.1 kernel-livepatch-4_12_14-150_27-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-150_32-default-2-2.1 kernel-livepatch-4_12_14-150_32-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_19-default-8-2.1 kernel-livepatch-4_12_14-25_19-default-debuginfo-8-2.1 kernel-livepatch-4_12_14-25_22-default-7-2.1 kernel-livepatch-4_12_14-25_22-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_25-default-6-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-6-2.1 kernel-livepatch-4_12_14-25_28-default-5-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-5-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-7-2.19.1 kgraft-patch-4_12_14-94_41-default-debuginfo-7-2.19.1 kgraft-patch-4_12_14-95_13-default-4-2.1 kgraft-patch-4_12_14-95_16-default-4-2.1 kgraft-patch-4_12_14-95_19-default-3-2.1 kgraft-patch-4_12_14-95_24-default-2-2.1 kgraft-patch-4_12_14-95_29-default-2-2.1 kgraft-patch-4_12_14-95_3-default-6-2.1 kgraft-patch-4_12_14-95_6-default-5-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-7-2.19.1 References: https://www.suse.com/security/cve/CVE-2019-14835.html https://bugzilla.suse.com/1149841 https://bugzilla.suse.com/1151021 From sle-security-updates at lists.suse.com Tue Oct 8 10:13:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 18:13:20 +0200 (CEST) Subject: SUSE-SU-2019:2601-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) Message-ID: <20191008161320.B4E18F796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2601-1 Rating: important References: #1102682 #1151021 Cross-References: CVE-2018-5390 CVE-2019-14835 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). - CVE-2018-5390: Fixed a denial of service ("SegmentSmack") in tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet (bsc#1102682). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2601=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2601=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2019-14835.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1151021 From sle-security-updates at lists.suse.com Tue Oct 8 10:14:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 18:14:16 +0200 (CEST) Subject: SUSE-SU-2019:2617-1: moderate: Security update for kubernetes, patchinfo Message-ID: <20191008161416.05549F796@maintenance.suse.de> SUSE Security Update: Security update for kubernetes, patchinfo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2617-1 Rating: moderate References: #1131001 #1147142 Cross-References: CVE-2019-9512 CVE-2019-9514 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for kubernetes, patchinfo fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 reset flood vulnerability. (bsc#1147142) - CVE-2019-9514: Fixed HTTP/2 ping frame flood vulnerability. (bsc#1147142) Non-security issue fixed: - Added ipset package dependency for kube-proxy. (bsc#1131001) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): kubernetes-client-1.10.11-4.14.1 kubernetes-common-1.10.11-4.14.1 kubernetes-kubelet-1.10.11-4.14.1 kubernetes-master-1.10.11-4.14.1 kubernetes-node-1.10.11-4.14.1 References: https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9514.html https://bugzilla.suse.com/1131001 https://bugzilla.suse.com/1147142 From sle-security-updates at lists.suse.com Tue Oct 8 10:15:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 18:15:19 +0200 (CEST) Subject: SUSE-SU-2019:2613-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) Message-ID: <20191008161519.E054CF796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2613-1 Rating: important References: #1151021 Cross-References: CVE-2019-14835 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.74-60_64_107 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2593=1 SUSE-SLE-SAP-12-SP2-2019-2594=1 SUSE-SLE-SAP-12-SP2-2019-2604=1 SUSE-SLE-SAP-12-SP2-2019-2605=1 SUSE-SLE-SAP-12-SP2-2019-2613=1 SUSE-SLE-SAP-12-SP2-2019-2614=1 SUSE-SLE-SAP-12-SP2-2019-2615=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2592=1 SUSE-SLE-SAP-12-SP1-2019-2595=1 SUSE-SLE-SAP-12-SP1-2019-2596=1 SUSE-SLE-SAP-12-SP1-2019-2597=1 SUSE-SLE-SAP-12-SP1-2019-2598=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2593=1 SUSE-SLE-SERVER-12-SP2-2019-2594=1 SUSE-SLE-SERVER-12-SP2-2019-2604=1 SUSE-SLE-SERVER-12-SP2-2019-2605=1 SUSE-SLE-SERVER-12-SP2-2019-2613=1 SUSE-SLE-SERVER-12-SP2-2019-2614=1 SUSE-SLE-SERVER-12-SP2-2019-2615=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2592=1 SUSE-SLE-SERVER-12-SP1-2019-2595=1 SUSE-SLE-SERVER-12-SP1-2019-2596=1 SUSE-SLE-SERVER-12-SP1-2019-2597=1 SUSE-SLE-SERVER-12-SP1-2019-2598=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-5-2.1 kgraft-patch-4_4_121-92_104-default-5-2.1 kgraft-patch-4_4_121-92_109-default-5-2.1 kgraft-patch-4_4_121-92_114-default-4-2.1 kgraft-patch-4_4_121-92_117-default-3-2.1 kgraft-patch-4_4_121-92_95-default-8-2.1 kgraft-patch-4_4_121-92_98-default-7-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_107-default-9-2.1 kgraft-patch-3_12_74-60_64_107-xen-9-2.1 kgraft-patch-3_12_74-60_64_110-default-5-2.1 kgraft-patch-3_12_74-60_64_110-xen-5-2.1 kgraft-patch-3_12_74-60_64_115-default-4-2.1 kgraft-patch-3_12_74-60_64_115-xen-4-2.1 kgraft-patch-3_12_74-60_64_118-default-2-2.1 kgraft-patch-3_12_74-60_64_118-xen-2-2.1 kgraft-patch-3_12_74-60_64_121-default-2-2.1 kgraft-patch-3_12_74-60_64_121-xen-2-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-5-2.1 kgraft-patch-4_4_121-92_104-default-5-2.1 kgraft-patch-4_4_121-92_109-default-5-2.1 kgraft-patch-4_4_121-92_114-default-4-2.1 kgraft-patch-4_4_121-92_117-default-3-2.1 kgraft-patch-4_4_121-92_95-default-8-2.1 kgraft-patch-4_4_121-92_98-default-7-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_107-default-9-2.1 kgraft-patch-3_12_74-60_64_107-xen-9-2.1 kgraft-patch-3_12_74-60_64_110-default-5-2.1 kgraft-patch-3_12_74-60_64_110-xen-5-2.1 kgraft-patch-3_12_74-60_64_115-default-4-2.1 kgraft-patch-3_12_74-60_64_115-xen-4-2.1 kgraft-patch-3_12_74-60_64_118-default-2-2.1 kgraft-patch-3_12_74-60_64_118-xen-2-2.1 kgraft-patch-3_12_74-60_64_121-default-2-2.1 kgraft-patch-3_12_74-60_64_121-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-14835.html https://bugzilla.suse.com/1151021 From sle-security-updates at lists.suse.com Tue Oct 8 10:16:23 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 18:16:23 +0200 (CEST) Subject: SUSE-SU-2019:2600-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP3) Message-ID: <20191008161623.F04ABF796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2600-1 Rating: important References: #1145604 #1151021 Cross-References: CVE-2017-18379 CVE-2019-14835 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_100 fixes several issues. The following security issues were fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). - CVE-2017-18379: Fixed an out of boundary access that happened in drivers/nvme/target/fc.c (bsc#1145604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2599=1 SUSE-SLE-SAP-12-SP3-2019-2600=1 SUSE-SLE-SAP-12-SP3-2019-2602=1 SUSE-SLE-SAP-12-SP3-2019-2603=1 SUSE-SLE-SAP-12-SP3-2019-2606=1 SUSE-SLE-SAP-12-SP3-2019-2607=1 SUSE-SLE-SAP-12-SP3-2019-2608=1 SUSE-SLE-SAP-12-SP3-2019-2609=1 SUSE-SLE-SAP-12-SP3-2019-2610=1 SUSE-SLE-SAP-12-SP3-2019-2611=1 SUSE-SLE-SAP-12-SP3-2019-2612=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2599=1 SUSE-SLE-SERVER-12-SP3-2019-2600=1 SUSE-SLE-SERVER-12-SP3-2019-2602=1 SUSE-SLE-SERVER-12-SP3-2019-2603=1 SUSE-SLE-SERVER-12-SP3-2019-2606=1 SUSE-SLE-SERVER-12-SP3-2019-2607=1 SUSE-SLE-SERVER-12-SP3-2019-2608=1 SUSE-SLE-SERVER-12-SP3-2019-2609=1 SUSE-SLE-SERVER-12-SP3-2019-2610=1 SUSE-SLE-SERVER-12-SP3-2019-2611=1 SUSE-SLE-SERVER-12-SP3-2019-2612=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-8-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-8-2.1 kgraft-patch-4_4_156-94_61-default-8-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-8-2.1 kgraft-patch-4_4_156-94_64-default-7-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-7-2.1 kgraft-patch-4_4_162-94_69-default-6-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_72-default-6-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-6-2.1 kgraft-patch-4_4_175-94_79-default-5-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-5-2.1 kgraft-patch-4_4_176-94_88-default-4-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-4-2.1 kgraft-patch-4_4_178-94_91-default-4-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-4-2.1 kgraft-patch-4_4_180-94_100-default-2-2.1 kgraft-patch-4_4_180-94_100-default-debuginfo-2-2.1 kgraft-patch-4_4_180-94_103-default-2-2.1 kgraft-patch-4_4_180-94_103-default-debuginfo-2-2.1 kgraft-patch-4_4_180-94_97-default-4-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-4-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_156-94_57-default-8-2.1 kgraft-patch-4_4_156-94_57-default-debuginfo-8-2.1 kgraft-patch-4_4_156-94_61-default-8-2.1 kgraft-patch-4_4_156-94_61-default-debuginfo-8-2.1 kgraft-patch-4_4_156-94_64-default-7-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-7-2.1 kgraft-patch-4_4_162-94_69-default-6-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-6-2.1 kgraft-patch-4_4_162-94_72-default-6-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-6-2.1 kgraft-patch-4_4_175-94_79-default-5-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-5-2.1 kgraft-patch-4_4_176-94_88-default-4-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-4-2.1 kgraft-patch-4_4_178-94_91-default-4-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-4-2.1 kgraft-patch-4_4_180-94_100-default-2-2.1 kgraft-patch-4_4_180-94_100-default-debuginfo-2-2.1 kgraft-patch-4_4_180-94_103-default-2-2.1 kgraft-patch-4_4_180-94_103-default-debuginfo-2-2.1 kgraft-patch-4_4_180-94_97-default-4-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-18379.html https://www.suse.com/security/cve/CVE-2019-14835.html https://bugzilla.suse.com/1145604 https://bugzilla.suse.com/1151021 From sle-security-updates at lists.suse.com Tue Oct 8 10:17:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 8 Oct 2019 18:17:32 +0200 (CEST) Subject: SUSE-SU-2019:14190-1: moderate: Security update for dnsmasq Message-ID: <20191008161732.2C6E8F796@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14190-1 Rating: moderate References: #1076958 #1138743 Cross-References: CVE-2017-15107 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Removed cache size limit. (bsc#1138743) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-dnsmasq-14190=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dnsmasq-14190=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): dnsmasq-2.78-0.17.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): dnsmasq-debuginfo-2.78-0.17.10.1 dnsmasq-debugsource-2.78-0.17.10.1 References: https://www.suse.com/security/cve/CVE-2017-15107.html https://bugzilla.suse.com/1076958 https://bugzilla.suse.com/1138743 From sle-security-updates at lists.suse.com Wed Oct 9 07:11:07 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Oct 2019 15:11:07 +0200 (CEST) Subject: SUSE-SU-2019:2620-1: important: Security update for MozillaFirefox Message-ID: <20191009131107.EC5A8F796@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2620-1 Rating: important References: #1087200 #1109465 #1117473 #1123482 #1124525 #1133810 #1140868 #1145665 #1149323 Cross-References: CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 38 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2620=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2620=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2620=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2620=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2620=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2620=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2620=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2620=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2620=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2620=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2620=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2620=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2620=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2620=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2620=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2620=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2620=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2620=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2620=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2620=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-devel-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-68.1.0-109.89.1 MozillaFirefox-branding-SLE-68-32.8.1 MozillaFirefox-debuginfo-68.1.0-109.89.1 MozillaFirefox-debugsource-68.1.0-109.89.1 MozillaFirefox-translations-common-68.1.0-109.89.1 References: https://www.suse.com/security/cve/CVE-2019-11709.html https://www.suse.com/security/cve/CVE-2019-11710.html https://www.suse.com/security/cve/CVE-2019-11711.html https://www.suse.com/security/cve/CVE-2019-11712.html https://www.suse.com/security/cve/CVE-2019-11713.html https://www.suse.com/security/cve/CVE-2019-11714.html https://www.suse.com/security/cve/CVE-2019-11715.html https://www.suse.com/security/cve/CVE-2019-11716.html https://www.suse.com/security/cve/CVE-2019-11717.html https://www.suse.com/security/cve/CVE-2019-11718.html https://www.suse.com/security/cve/CVE-2019-11719.html https://www.suse.com/security/cve/CVE-2019-11720.html https://www.suse.com/security/cve/CVE-2019-11721.html https://www.suse.com/security/cve/CVE-2019-11723.html https://www.suse.com/security/cve/CVE-2019-11724.html https://www.suse.com/security/cve/CVE-2019-11725.html https://www.suse.com/security/cve/CVE-2019-11727.html https://www.suse.com/security/cve/CVE-2019-11728.html https://www.suse.com/security/cve/CVE-2019-11729.html https://www.suse.com/security/cve/CVE-2019-11730.html https://www.suse.com/security/cve/CVE-2019-11733.html https://www.suse.com/security/cve/CVE-2019-11735.html https://www.suse.com/security/cve/CVE-2019-11736.html https://www.suse.com/security/cve/CVE-2019-11738.html https://www.suse.com/security/cve/CVE-2019-11740.html https://www.suse.com/security/cve/CVE-2019-11742.html https://www.suse.com/security/cve/CVE-2019-11743.html https://www.suse.com/security/cve/CVE-2019-11744.html https://www.suse.com/security/cve/CVE-2019-11746.html https://www.suse.com/security/cve/CVE-2019-11747.html https://www.suse.com/security/cve/CVE-2019-11748.html https://www.suse.com/security/cve/CVE-2019-11749.html https://www.suse.com/security/cve/CVE-2019-11750.html https://www.suse.com/security/cve/CVE-2019-11751.html https://www.suse.com/security/cve/CVE-2019-11752.html https://www.suse.com/security/cve/CVE-2019-11753.html https://www.suse.com/security/cve/CVE-2019-9811.html https://www.suse.com/security/cve/CVE-2019-9812.html https://bugzilla.suse.com/1087200 https://bugzilla.suse.com/1109465 https://bugzilla.suse.com/1117473 https://bugzilla.suse.com/1123482 https://bugzilla.suse.com/1124525 https://bugzilla.suse.com/1133810 https://bugzilla.suse.com/1140868 https://bugzilla.suse.com/1145665 https://bugzilla.suse.com/1149323 From sle-security-updates at lists.suse.com Wed Oct 9 13:15:50 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Oct 2019 21:15:50 +0200 (CEST) Subject: SUSE-SU-2019:1487-2: moderate: Security update for python-requests Message-ID: <20191009191550.60D32F796@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1487-2 Rating: moderate References: #1111622 Cross-References: CVE-2018-18074 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1487=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-requests-test-2.20.1-6.3.2 python3-requests-test-2.20.1-6.3.2 References: https://www.suse.com/security/cve/CVE-2018-18074.html https://bugzilla.suse.com/1111622 From sle-security-updates at lists.suse.com Wed Oct 9 13:17:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Oct 2019 21:17:08 +0200 (CEST) Subject: SUSE-SU-2019:2622-1: important: Security update for libopenmpt Message-ID: <20191009191708.1E8C4F796@maintenance.suse.de> SUSE Security Update: Security update for libopenmpt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2622-1 Rating: important References: #1153102 Cross-References: CVE-2019-17113 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libopenmpt to version 0.3.19 fixes the following issues: - CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2622=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2622=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2622=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2622=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenmpt-debugsource-0.3.19-2.10.1 openmpt123-0.3.19-2.10.1 openmpt123-debuginfo-0.3.19-2.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmodplug1-32bit-0.3.19-2.10.1 libmodplug1-32bit-debuginfo-0.3.19-2.10.1 libopenmpt0-32bit-0.3.19-2.10.1 libopenmpt0-32bit-debuginfo-0.3.19-2.10.1 libopenmpt_modplug1-32bit-0.3.19-2.10.1 libopenmpt_modplug1-32bit-debuginfo-0.3.19-2.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenmpt-debugsource-0.3.19-2.10.1 openmpt123-0.3.19-2.10.1 openmpt123-debuginfo-0.3.19-2.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmodplug-devel-0.3.19-2.10.1 libmodplug1-0.3.19-2.10.1 libmodplug1-debuginfo-0.3.19-2.10.1 libopenmpt-debugsource-0.3.19-2.10.1 libopenmpt-devel-0.3.19-2.10.1 libopenmpt0-0.3.19-2.10.1 libopenmpt0-debuginfo-0.3.19-2.10.1 libopenmpt_modplug1-0.3.19-2.10.1 libopenmpt_modplug1-debuginfo-0.3.19-2.10.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmodplug-devel-0.3.19-2.10.1 libmodplug1-0.3.19-2.10.1 libmodplug1-debuginfo-0.3.19-2.10.1 libopenmpt-debugsource-0.3.19-2.10.1 libopenmpt-devel-0.3.19-2.10.1 libopenmpt0-0.3.19-2.10.1 libopenmpt0-debuginfo-0.3.19-2.10.1 libopenmpt_modplug1-0.3.19-2.10.1 libopenmpt_modplug1-debuginfo-0.3.19-2.10.1 References: https://www.suse.com/security/cve/CVE-2019-17113.html https://bugzilla.suse.com/1153102 From sle-security-updates at lists.suse.com Fri Oct 11 13:17:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Oct 2019 21:17:22 +0200 (CEST) Subject: SUSE-SU-2019:2345-2: important: Security update for webkit2gtk3 Message-ID: <20191011191722.8ED2BF796@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2345-2 Rating: important References: #1135715 #1148931 Cross-References: CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2345=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2345=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2345=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2345=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2345=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2345=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2345=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2345=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2345=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2345=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2345=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2345=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE Enterprise Storage 5 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Enterprise Storage 4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE Enterprise Storage 4 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 References: https://www.suse.com/security/cve/CVE-2019-8595.html https://www.suse.com/security/cve/CVE-2019-8607.html https://www.suse.com/security/cve/CVE-2019-8615.html https://www.suse.com/security/cve/CVE-2019-8644.html https://www.suse.com/security/cve/CVE-2019-8649.html https://www.suse.com/security/cve/CVE-2019-8658.html https://www.suse.com/security/cve/CVE-2019-8666.html https://www.suse.com/security/cve/CVE-2019-8669.html https://www.suse.com/security/cve/CVE-2019-8671.html https://www.suse.com/security/cve/CVE-2019-8672.html https://www.suse.com/security/cve/CVE-2019-8673.html https://www.suse.com/security/cve/CVE-2019-8676.html https://www.suse.com/security/cve/CVE-2019-8677.html https://www.suse.com/security/cve/CVE-2019-8678.html https://www.suse.com/security/cve/CVE-2019-8679.html https://www.suse.com/security/cve/CVE-2019-8680.html https://www.suse.com/security/cve/CVE-2019-8681.html https://www.suse.com/security/cve/CVE-2019-8683.html https://www.suse.com/security/cve/CVE-2019-8684.html https://www.suse.com/security/cve/CVE-2019-8686.html https://www.suse.com/security/cve/CVE-2019-8687.html https://www.suse.com/security/cve/CVE-2019-8688.html https://www.suse.com/security/cve/CVE-2019-8689.html https://www.suse.com/security/cve/CVE-2019-8690.html https://bugzilla.suse.com/1135715 https://bugzilla.suse.com/1148931 From sle-security-updates at lists.suse.com Fri Oct 11 13:25:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Oct 2019 21:25:05 +0200 (CEST) Subject: SUSE-SU-2019:1373-2: moderate: Security update for axis Message-ID: <20191011192505.CF6D0F796@maintenance.suse.de> SUSE Security Update: Security update for axis ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1373-2 Rating: moderate References: #1134598 Cross-References: CVE-2012-5784 CVE-2014-3596 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1373=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1373=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): axis-manual-1.4-5.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): axis-1.4-5.8.1 References: https://www.suse.com/security/cve/CVE-2012-5784.html https://www.suse.com/security/cve/CVE-2014-3596.html https://bugzilla.suse.com/1134598 From sle-security-updates at lists.suse.com Fri Oct 11 13:35:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Oct 2019 21:35:05 +0200 (CEST) Subject: SUSE-SU-2019:1212-2: important: Security update for jakarta-commons-fileupload Message-ID: <20191011193505.9BAC1F796@maintenance.suse.de> SUSE Security Update: Security update for jakarta-commons-fileupload ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1212-2 Rating: important References: #1128829 #1128963 Cross-References: CVE-2016-1000031 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-1212=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1212=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): jakarta-commons-fileupload-1.1.1-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): jakarta-commons-fileupload-javadoc-1.1.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2016-1000031.html https://bugzilla.suse.com/1128829 https://bugzilla.suse.com/1128963 From sle-security-updates at lists.suse.com Fri Oct 11 13:32:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Oct 2019 21:32:09 +0200 (CEST) Subject: SUSE-SU-2019:1368-2: important: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Message-ID: <20191011193209.6AC16F796@maintenance.suse.de> SUSE Security Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1368-2 Rating: important References: #1134524 Cross-References: CVE-2019-5021 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1368=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): system-user-root-20190513-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-5021.html https://bugzilla.suse.com/1134524 From sle-security-updates at lists.suse.com Fri Oct 11 16:10:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 12 Oct 2019 00:10:42 +0200 (CEST) Subject: SUSE-SU-2019:2648-1: important: Security update for the Linux Kernel Message-ID: <20191011221042.74EE1F796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2648-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1071995 #1078248 #1082555 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1104967 #1106061 #1106284 #1106434 #1108382 #1109158 #1112178 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123034 #1123105 #1123959 #1124370 #1127988 #1129424 #1129519 #1129664 #1131107 #1131281 #1131304 #1131565 #1133021 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137069 #1137865 #1137884 #1137959 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140155 #1140426 #1140487 #1141013 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143466 #1143478 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145024 #1145051 #1145059 #1145134 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146042 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146540 #1146543 #1146547 #1146550 #1146575 #1146589 #1146664 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148698 #1148712 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149313 #1149325 #1149376 #1149413 #1149418 #1149424 #1149446 #1149522 #1149527 #1149539 #1149552 #1149555 #1149591 #1149602 #1149612 #1149626 #1149651 #1149652 #1149713 #1149940 #1149959 #1149963 #1149976 #1150025 #1150033 #1150112 #1150381 #1150423 #1150562 #1150727 #1150860 #1150861 #1150933 #1151350 #1151610 #1151667 #1151671 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves 43 vulnerabilities and has 220 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514) - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - Add 3 not-needeed commits to blacklist.conf from git-fixes. - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kABI after KVM fixes - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - Move upstreamed BT fix into sorted section - Move upstreamed nvme fix into sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - nfc: fix potential illegal memory access (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pnfs fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pnfs/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert "Bluetooth: validate BLE connection interval updates" (bsc#1051510). - Revert "cfg80211: fix processing world regdomain when non modular" (bsc#1051510). - Revert "dm bufio: fix deadlock with loop device" (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - Revert "scsi: ncr5380: Increase register polling limit" (git-fixes). - Revert "scsi: ufs: disable vccq if it's not needed by UFS device" (git-fixes). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - Update azure config, enable *NVME* (bsc#1143478) - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update config files. - cifs: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - update internal version number for cifs.ko (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2648=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-azure-4.12.14-6.26.1 kernel-azure-base-4.12.14-6.26.1 kernel-azure-base-debuginfo-4.12.14-6.26.1 kernel-azure-debuginfo-4.12.14-6.26.1 kernel-azure-debugsource-4.12.14-6.26.1 kernel-azure-devel-4.12.14-6.26.1 kernel-syms-azure-4.12.14-6.26.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-azure-4.12.14-6.26.1 kernel-source-azure-4.12.14-6.26.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143478 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145024 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145134 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149959 https://bugzilla.suse.com/1149963 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151671 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Mon Oct 14 07:11:05 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 15:11:05 +0200 (CEST) Subject: SUSE-SU-2019:2650-1: moderate: Security update for binutils Message-ID: <20191014131105.1B21EF796@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2650-1 Rating: moderate References: #1109412 #1109413 #1109414 #1111996 #1112534 #1112535 #1113247 #1113252 #1113255 #1116827 #1118830 #1118831 #1120640 #1121034 #1121035 #1121056 #1133131 #1133232 #1141913 #1142772 Cross-References: CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has three fixes is now available. Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2650=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2650=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2650=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2650=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2650=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2650=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2650=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2650=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2650=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2650=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2650=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2650=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2650=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2650=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2650=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2650=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2650=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2650=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2650=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2650=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE OpenStack Cloud 8 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE OpenStack Cloud 7 (s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 binutils-gold-2.32-9.33.1 binutils-gold-debuginfo-2.32-9.33.1 cross-ppc-binutils-2.32-9.33.1 cross-ppc-binutils-debuginfo-2.32-9.33.1 cross-ppc-binutils-debugsource-2.32-9.33.1 cross-spu-binutils-2.32-9.33.1 cross-spu-binutils-debuginfo-2.32-9.33.1 cross-spu-binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 binutils-gold-2.32-9.33.1 binutils-gold-debuginfo-2.32-9.33.1 cross-ppc-binutils-2.32-9.33.1 cross-ppc-binutils-debuginfo-2.32-9.33.1 cross-ppc-binutils-debugsource-2.32-9.33.1 cross-spu-binutils-2.32-9.33.1 cross-spu-binutils-debuginfo-2.32-9.33.1 cross-spu-binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 - SUSE Enterprise Storage 4 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 binutils-devel-2.32-9.33.1 - HPE Helion Openstack 8 (x86_64): binutils-2.32-9.33.1 binutils-debuginfo-2.32-9.33.1 binutils-debugsource-2.32-9.33.1 References: https://www.suse.com/security/cve/CVE-2018-1000876.html https://www.suse.com/security/cve/CVE-2018-17358.html https://www.suse.com/security/cve/CVE-2018-17359.html https://www.suse.com/security/cve/CVE-2018-17360.html https://www.suse.com/security/cve/CVE-2018-17985.html https://www.suse.com/security/cve/CVE-2018-18309.html https://www.suse.com/security/cve/CVE-2018-18483.html https://www.suse.com/security/cve/CVE-2018-18484.html https://www.suse.com/security/cve/CVE-2018-18605.html https://www.suse.com/security/cve/CVE-2018-18606.html https://www.suse.com/security/cve/CVE-2018-18607.html https://www.suse.com/security/cve/CVE-2018-19931.html https://www.suse.com/security/cve/CVE-2018-19932.html https://www.suse.com/security/cve/CVE-2018-20623.html https://www.suse.com/security/cve/CVE-2018-20651.html https://www.suse.com/security/cve/CVE-2018-20671.html https://www.suse.com/security/cve/CVE-2019-1010180.html https://bugzilla.suse.com/1109412 https://bugzilla.suse.com/1109413 https://bugzilla.suse.com/1109414 https://bugzilla.suse.com/1111996 https://bugzilla.suse.com/1112534 https://bugzilla.suse.com/1112535 https://bugzilla.suse.com/1113247 https://bugzilla.suse.com/1113252 https://bugzilla.suse.com/1113255 https://bugzilla.suse.com/1116827 https://bugzilla.suse.com/1118830 https://bugzilla.suse.com/1118831 https://bugzilla.suse.com/1120640 https://bugzilla.suse.com/1121034 https://bugzilla.suse.com/1121035 https://bugzilla.suse.com/1121056 https://bugzilla.suse.com/1133131 https://bugzilla.suse.com/1133232 https://bugzilla.suse.com/1141913 https://bugzilla.suse.com/1142772 From sle-security-updates at lists.suse.com Mon Oct 14 07:14:13 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 15:14:13 +0200 (CEST) Subject: SUSE-SU-2019:2651-1: important: Security update for the Linux Kernel Message-ID: <20191014131413.BC43CF796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2651-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1071995 #1078248 #1082555 #1085030 #1085536 #1085539 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1104967 #1106061 #1106284 #1106434 #1108382 #1109158 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123034 #1123105 #1124370 #1127988 #1129424 #1129519 #1129664 #1131107 #1131304 #1131565 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137069 #1137865 #1137884 #1137959 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140155 #1140426 #1140487 #1141013 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1143300 #1143466 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145051 #1145059 #1145134 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146042 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146540 #1146543 #1146547 #1146550 #1146575 #1146589 #1146664 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148712 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149313 #1149325 #1149376 #1149413 #1149418 #1149424 #1149446 #1149522 #1149527 #1149539 #1149552 #1149555 #1149591 #1149602 #1149612 #1149626 #1149651 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150381 #1150423 #1150562 #1150727 #1150860 #1150861 #1150933 #1151350 #1151610 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that solves 42 vulnerabilities and has 210 fixes is now available. Description: The SUSE Linux Enterprise 15 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15212: An issue was discovered in the Linux kernel There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391 1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An issue was discovered in the Linux kernel An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). The following non-security bugs were fixed: - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - Add 3 not-needeed commits to blacklist.conf from git-fixes. - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - Btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - Btrfs: add one more sanity check for shared ref type (bsc#1149325). - Btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - Btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - Btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - Btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - Btrfs: fix incremental send failure after deduplication (bsc#1145940). - Btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - Btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - Btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - Btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - Btrfs: remove BUG() in add_data_reference (bsc#1149325). - Btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - Btrfs: remove BUG() in print_extent_item (bsc#1149325). - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - CIFS: Add direct I/O functions to file_operations (bsc#1144333). - CIFS: Add support for direct I/O read (bsc#1144333). - CIFS: Add support for direct I/O write (bsc#1144333). - CIFS: Add support for direct pages in rdata (bsc#1144333). - CIFS: Add support for direct pages in wdata (bsc#1144333). - CIFS: Adds information-level logging function (bsc#1144333). - CIFS: Adjust MTU credits before reopening a file (bsc#1144333). - CIFS: Always reset read error to -EIO if no response (bsc#1144333). - CIFS: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - CIFS: Calculate the correct request length based on page offset and tail size (bsc#1144333). - CIFS: Check for reconnects before sending async requests (bsc#1144333). - CIFS: Check for reconnects before sending compound requests (bsc#1144333). - CIFS: Count SMB3 credits for malformed pending responses (bsc#1144333). - CIFS: Display SMB2 error codes in the hex format (bsc#1144333). - CIFS: Do not assume one credit for async responses (bsc#1144333). - CIFS: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - CIFS: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - CIFS: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - CIFS: Do not log credits when unmounting a share (bsc#1144333). - CIFS: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - CIFS: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - CIFS: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - CIFS: Do not skip SMB2 message IDs on send failures (bsc#1144333). - CIFS: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - CIFS: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - CIFS: Fix NULL ptr deref (bsc#1144333). - CIFS: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - CIFS: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - CIFS: Fix credit calculations in compound mid callback (bsc#1144333). - CIFS: Fix credit computation for compounded requests (bsc#1144333). - CIFS: Fix credits calculation for cancelled requests (bsc#1144333). - CIFS: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - CIFS: Fix error paths in writeback code (bsc#1144333). - CIFS: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - CIFS: Fix module dependency (bsc#1144333). - CIFS: Fix mounts if the client is low on credits (bsc#1144333). - CIFS: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - CIFS: Fix possible oops and memory leaks in async IO (bsc#1144333). - CIFS: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - CIFS: Fix signing for SMB2/3 (bsc#1144333). - CIFS: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - CIFS: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - CIFS: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - CIFS: Mask off signals when sending SMB packets (bsc#1144333). - CIFS: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - CIFS: Move open file handling to writepages (bsc#1144333). - CIFS: Move unlocking pages from wdata_send_pages() (bsc#1144333). - CIFS: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - CIFS: Pass page offset for calculating signature (bsc#1144333). - CIFS: Pass page offset for encrypting (bsc#1144333). - CIFS: Print message when attempting a mount (bsc#1144333). - CIFS: Reconnect expired SMB sessions (bnc#1060662). - CIFS: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - CIFS: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - CIFS: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - CIFS: Respect reconnect in MTU credits calculations (bsc#1144333). - CIFS: Respect reconnect in non-MTU credits calculations (bsc#1144333). - CIFS: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - CIFS: Return error code when getting file handle for writeback (bsc#1144333). - CIFS: SMBD: Add SMB Direct debug counters (bsc#1144333). - CIFS: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - CIFS: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - CIFS: SMBD: Add rdma mount option (bsc#1144333). - CIFS: SMBD: Disable signing on SMB direct transport (bsc#1144333). - CIFS: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - CIFS: SMBD: Establish SMB Direct connection (bsc#1144333). - CIFS: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - CIFS: SMBD: Implement RDMA memory registration (bsc#1144333). - CIFS: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - CIFS: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - CIFS: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - CIFS: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - CIFS: SMBD: Implement function to send data via RDMA send (bsc#1144333). - CIFS: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - CIFS: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - CIFS: SMBD: Support page offset in RDMA recv (bsc#1144333). - CIFS: SMBD: Support page offset in RDMA send (bsc#1144333). - CIFS: SMBD: Support page offset in memory registration (bsc#1144333). - CIFS: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - CIFS: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - CIFS: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - CIFS: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - CIFS: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - CIFS: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - CIFS: SMBD: _smbd_get_connection() can be static (bsc#1144333). - CIFS: SMBD: export protocol initial values (bsc#1144333). - CIFS: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - CIFS: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - CIFS: Set reconnect instance to one initially (bsc#1144333). - CIFS: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - CIFS: Try to acquire credits at once for compound requests (bsc#1144333). - CIFS: Use offset when reading pages (bsc#1144333). - CIFS: When sending data on socket, pass the correct page offset (bsc#1144333). - CIFS: add ONCE flag for cifs_dbg type (bsc#1144333). - CIFS: add SFM mapping for 0x01-0x1F (bsc#1144333). - CIFS: add iface info to struct cifs_ses (bsc#1144333). - CIFS: add sha512 secmech (bsc#1051510, bsc#1144333). - CIFS: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - CIFS: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - CIFS: complete PDU definitions for interface queries (bsc#1144333). - CIFS: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - CIFS: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - CIFS: document tcon/ses/server refcount dance (bsc#1144333). - CIFS: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - CIFS: dump every session iface info (bsc#1144333). - CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - CIFS: fix circular locking dependency (bsc#1064701, bsc#1144333). - CIFS: fix deadlock in cached root handling (bsc#1144333). - CIFS: fix encryption in SMB3.1.1 (bsc#1144333). - CIFS: fix memory leak and remove dead code (bsc#1144333). - CIFS: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - CIFS: fix typo in cifs_dbg (bsc#1144333). - CIFS: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - CIFS: fix use-after-free of the lease keys (bsc#1144333). - CIFS: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - CIFS: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - CIFS: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - CIFS: make IPC a regular tcon (bsc#1071306, bsc#1144333). - CIFS: make arrays static const, reduces object code size (bsc#1144333). - CIFS: make mknod() an smb_version_op (bsc#1144333). - CIFS: move default port definitions to cifsglob.h (bsc#1144333). - CIFS: parse and store info on iface queries (bsc#1144333). - CIFS: pass page offsets on SMB1 read/write (bsc#1144333). - CIFS: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - CIFS: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - CIFS: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - CIFS: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - CIFS: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - Delete for bsc#1144979: bcache: kernel oops on reading sysfs cache_mode file patches.suse/0031-bcache-use-sysfs_match_string-instead-of-__sysfs_mat.patc h. - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - Drop an ASoC fix that was reverted in 4.14.y stable - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - Fix kABI after KVM fixes - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix warning messages when mounting to older servers (bsc#1144333). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - KVM: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - KVM: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - KVM: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - KVM: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - KVM: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - KVM: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - KVM: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - KVM: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - KVM: x86: Unconditionally enable irqs in guest context (bsc#1145396). - KVM: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - KVM: x86: fix backward migration with async_PF (bsc#1146074). - Move upstreamed nvme fix into sorted section - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert "Bluetooth: validate BLE connection interval updates" (bsc#1051510). - Revert "cfg80211: fix processing world regdomain when non modular" (bsc#1051510). - Revert "dm bufio: fix deadlock with loop device" (git fixes). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - Revert "scsi: ncr5380: Increase register polling limit" (git-fixes). - Revert "scsi: ufs: disable vccq if it's not needed by UFS device" (git-fixes). - Revert i915 userptr page lock patch (bsc#1145051) - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patc h (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - SMB3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - SMB3: Add defines for new negotiate contexts (bsc#1144333). - SMB3: Add handling for different FSCTL access flags (bsc#1144333). - SMB3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - SMB3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - SMB3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - SMB3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - SMB3: Backup intent flag missing from compounded ops (bsc#1144333). - SMB3: Clean up query symlink when reparse point (bsc#1144333). - SMB3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - SMB3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - SMB3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - SMB3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - SMB3: Fix endian warning (bsc#1144333, bsc#1137884). - SMB3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - SMB3: Fix potential memory leak when processing compound chain (bsc#1144333). - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - SMB3: Log at least once if tree connect fails during reconnect (bsc#1144333). - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - SMB3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - SMB3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - SMB3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - SMB3: handle new statx fields (bsc#1085536, bsc#1144333). - SMB3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - SMB3: query inode number on open via create context (bsc#1144333). - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - SMB3: update comment to clarify enumerating snapshots (bsc#1144333). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - SMB: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - SMB: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - USB: CDC: fix sanity checks in CDC union parser (bsc#1142635). - USB: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - USB: core: Fix races in character device registration and deregistraion (bsc#1051510). - USB: serial: option: Add Motorola modem UARTs (bsc#1051510). - USB: serial: option: Add support for ZTE MF871A (bsc#1051510). - USB: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - USB: serial: option: add the BroadMobi BM818 card (bsc#1051510). - USB: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - USB: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - CIFS: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - Update config files. - CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - VMCI: Release resource if the work is already queued (bsc#1051510). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eeprom: at24: make spd world-readable again (git-fixes). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - ppp: Fix memory leak in ppp_write (git-fixes). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2651=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (x86_64): kernel-azure-4.12.14-5.41.1 kernel-azure-base-4.12.14-5.41.1 kernel-azure-base-debuginfo-4.12.14-5.41.1 kernel-azure-debuginfo-4.12.14-5.41.1 kernel-azure-devel-4.12.14-5.41.1 kernel-syms-azure-4.12.14-5.41.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): kernel-devel-azure-4.12.14-5.41.1 kernel-source-azure-4.12.14-5.41.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145134 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Mon Oct 14 13:10:54 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 21:10:54 +0200 (CEST) Subject: SUSE-SU-2019:1299-2: Security update for ffmpeg Message-ID: <20191014191054.784ECF796@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1299-2 Rating: low References: #1101888 #1101889 Cross-References: CVE-2018-14394 CVE-2018-14395 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2018-14395: Fixed a divide-by-zero error in libavformat/movenc.c that allowed attackers to cause a DoS (bsc#1101889) - CVE-2018-14394: Fixed a divide-by-zero error in libavformat/movenc.c that allowed attackers to cause a DoS (bsc#1101888). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1299=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1299=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1299=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 libavcodec-devel-3.4.2-4.17.26 libavformat-devel-3.4.2-4.17.26 libavformat57-3.4.2-4.17.26 libavformat57-debuginfo-3.4.2-4.17.26 libavresample-devel-3.4.2-4.17.26 libavresample3-3.4.2-4.17.26 libavresample3-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-4.17.26 ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 ffmpeg-private-devel-3.4.2-4.17.26 libavdevice-devel-3.4.2-4.17.26 libavdevice57-3.4.2-4.17.26 libavdevice57-debuginfo-3.4.2-4.17.26 libavfilter-devel-3.4.2-4.17.26 libavfilter6-3.4.2-4.17.26 libavfilter6-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libavcodec57-32bit-3.4.2-4.17.26 libavcodec57-32bit-debuginfo-3.4.2-4.17.26 libavdevice57-32bit-3.4.2-4.17.26 libavdevice57-32bit-debuginfo-3.4.2-4.17.26 libavfilter6-32bit-3.4.2-4.17.26 libavfilter6-32bit-debuginfo-3.4.2-4.17.26 libavformat57-32bit-3.4.2-4.17.26 libavformat57-32bit-debuginfo-3.4.2-4.17.26 libavresample3-32bit-3.4.2-4.17.26 libavresample3-32bit-debuginfo-3.4.2-4.17.26 libavutil55-32bit-3.4.2-4.17.26 libavutil55-32bit-debuginfo-3.4.2-4.17.26 libpostproc54-32bit-3.4.2-4.17.26 libpostproc54-32bit-debuginfo-3.4.2-4.17.26 libswresample2-32bit-3.4.2-4.17.26 libswresample2-32bit-debuginfo-3.4.2-4.17.26 libswscale4-32bit-3.4.2-4.17.26 libswscale4-32bit-debuginfo-3.4.2-4.17.26 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-4.17.26 ffmpeg-debugsource-3.4.2-4.17.26 libavcodec57-3.4.2-4.17.26 libavcodec57-debuginfo-3.4.2-4.17.26 libavutil-devel-3.4.2-4.17.26 libavutil55-3.4.2-4.17.26 libavutil55-debuginfo-3.4.2-4.17.26 libpostproc-devel-3.4.2-4.17.26 libpostproc54-3.4.2-4.17.26 libpostproc54-debuginfo-3.4.2-4.17.26 libswresample-devel-3.4.2-4.17.26 libswresample2-3.4.2-4.17.26 libswresample2-debuginfo-3.4.2-4.17.26 libswscale-devel-3.4.2-4.17.26 libswscale4-3.4.2-4.17.26 libswscale4-debuginfo-3.4.2-4.17.26 References: https://www.suse.com/security/cve/CVE-2018-14394.html https://www.suse.com/security/cve/CVE-2018-14395.html https://bugzilla.suse.com/1101888 https://bugzilla.suse.com/1101889 From sle-security-updates at lists.suse.com Mon Oct 14 13:11:56 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 21:11:56 +0200 (CEST) Subject: SUSE-SU-2019:2658-1: important: Security update for the Linux Kernel Message-ID: <20191014191156.9E218F796@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2658-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1071995 #1078248 #1082555 #1082635 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1103990 #1104353 #1104427 #1104745 #1104902 #1104967 #1106061 #1106284 #1106434 #1108382 #1109158 #1109837 #1111666 #1112178 #1112374 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1113994 #1114279 #1114542 #1118689 #1119086 #1119113 #1120046 #1120876 #1120902 #1123034 #1123105 #1123959 #1124370 #1127988 #1129424 #1129519 #1129664 #1131107 #1131281 #1131304 #1131489 #1131565 #1132686 #1133021 #1134291 #1134476 #1134881 #1134882 #1135219 #1135642 #1135897 #1135990 #1136039 #1136261 #1136346 #1136349 #1136352 #1136496 #1136498 #1136502 #1136682 #1137069 #1137322 #1137323 #1137586 #1137865 #1137884 #1137959 #1137982 #1138099 #1138100 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140155 #1140426 #1140487 #1141013 #1141340 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143331 #1143466 #1143706 #1143738 #1143765 #1143841 #1143843 #1143962 #1144123 #1144333 #1144375 #1144474 #1144518 #1144582 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145018 #1145051 #1145059 #1145134 #1145189 #1145235 #1145256 #1145300 #1145302 #1145357 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145446 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1145946 #1146042 #1146074 #1146084 #1146141 #1146163 #1146215 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146540 #1146543 #1146547 #1146550 #1146575 #1146589 #1146664 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148219 #1148297 #1148303 #1148308 #1148363 #1148379 #1148394 #1148527 #1148570 #1148574 #1148616 #1148617 #1148619 #1148698 #1148712 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149313 #1149325 #1149376 #1149413 #1149418 #1149424 #1149446 #1149522 #1149527 #1149539 #1149552 #1149555 #1149591 #1149602 #1149612 #1149626 #1149651 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150305 #1150381 #1150423 #1150562 #1150727 #1150846 #1150860 #1150861 #1150933 #1151067 #1151192 #1151350 #1151610 #1151661 #1151662 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152187 #1152243 #1152325 #1152457 #1152460 #1152466 #1152525 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-11477 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 45 vulnerabilities and has 270 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-10207: A local denial of service using HCIUARTSETPROTO/HCI_UART_MRVL was fixed (bnc#1123959 bnc#1142857). - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bnc#1132686 bnc#1137586). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146368). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An issue was discovered in the Linux kernel An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - ALSA: usb-audio: fix a memory leak bug (bsc#1111666). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64/kernel: enable A53 erratum #8434319 handling at runtime (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: PCI: Preserve firmware configuration when desired (SLE-9332). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: Revert "bcache: use sysfs_match_string() instead of __sysfs_match_string()" (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_request_completed() (bsc#1149446). - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ). - bnxt_en: Improve RX doorbell sequence (bsc#1104745). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling insecure dialects in the config (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbd: Add rdma mount option (bsc#1144333). - cifs: smbd: Add SMB Direct debug counters (bsc#1144333). - cifs: smbd: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Establish SMB Direct connection (bsc#1144333). - cifs: smbd: export protocol initial values (bsc#1144333). - cifs: smbd: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbd: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbd: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbd: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: smbd: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbd: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - cifs: smbd: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbd: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbd: Support page offset in memory registration (bsc#1144333). - cifs: smbd: Support page offset in RDMA recv (bsc#1144333). - cifs: smbd: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: smbd: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: smbd: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: smbd: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: smbd: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: smbd: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbd: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: smbd: Upper layer sends data via RDMA send (bsc#1144333). - cifs: smbd: Use the correct DMA direction when sending data (bsc#1144333). - cifs: smbd: When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: smbd: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: qoriq: add support for lx2160a (). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - Compile nvme.ko as module (bsc#1150846) - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Documentation: Update Documentation for iommu.passthrough (bsc#1136039). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - EDAC/amd64: Cache secondary Chip Select registers (bsc#1131489). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC/amd64: Decode syndrome before translating address (bsc#1131489). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - EDAC/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - EDAC/amd64: Recognize x16 symbol size (bsc#1131489). - EDAC/amd64: Set maximum channel layer size depending on family (bsc#1131489). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - EDAC/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - EDAC/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - floppy: fix usercopy direction (bsc#1111666). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: Kconfig: pedantic formatting (bsc#1144333). - fs/cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs/xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - i40e: Add support for X710 device (bsc#1151067). - ia64: Get rid of iommu_pass_through (bsc#1136039). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu: Do not use sme_active() in generic code (bsc#1151661). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - KABI protect struct vmem_altmap (bsc#1150305). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240). - kvm: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240). - kvm: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ). - kvm: s390: add MSA9 to cpumodel (jsc#SLE-6240). - kvm: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240). - kvm: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240). - kvm: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240). - kvm: s390: implement subfunction processor calls (jsc#SLE-6240 ). - kvm: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982). - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353). - net: hns3: add all IMP return code (bsc#1104353). - net: hns3: add aRFS support for PF (bsc#1104353). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353). - net: hns3: add check to number of buffer descriptors (bsc#1104353). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353). - net: hns3: add handshake with hardware while doing reset (bsc#1104353). - net: hns3: Add missing newline at end of file (bsc#1104353 ). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353). - net: hns3: add some error checking in hclge_tm module (bsc#1104353). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353). - net: hns3: bitwise operator should use unsigned type (bsc#1104353). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353). - net: hns3: clear restting state when initializing HW device (bsc#1104353). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 ). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353). - net: hns3: delete the redundant user NIC codes (bsc#1104353 ). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353). - net: hns3: fix for dereferencing before null checking (bsc#1104353). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 ). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353). - net: hns3: fix some coding style issues (bsc#1104353 ). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 ). - net: hns3: handle empty unknown interrupt (bsc#1104353 ). - net: hns3: initialize CPU reverse mapping (bsc#1104353 ). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 ). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353). - net: hns3: refine the flow director handle (bsc#1104353 ). - net: hns3: remove override_pci_need_reset (bsc#1104353 ). - net: hns3: remove redundant core reset (bsc#1104353 ). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353). - net: hns3: remove unused linkmode definition (bsc#1104353 ). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353). - net: hns3: set default value for param "type" in hclgevf_bind_ring_to_vector (bsc#1104353). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ). - net: hns3: set the port shaper according to MAC speed (bsc#1104353). - net: hns3: small changes for magic numbers (bsc#1104353 ). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ). - net: hns3: some modifications to simplify and optimize code (bsc#1104353). - net: hns3: some variable modification (bsc#1104353). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353). - net: hns3: trigger VF reset if a VF had an over_8bd_nfe_err (bsc#1104353). - net: hns3: typo in the name of a constant (bsc#1104353 ). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353). - net: hns3: use macros instead of magic numbers (bsc#1104353 ). - net: hns: add support for vlan TSO (bsc#1104353). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: phylink: Fix flow control for fixed-link (bsc#1119113 ). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - nfc: fix potential illegal memory access (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme-rdma: use dynamic dma mapping per command (bsc#1149446). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-tcp: fix timeout handler (bsc#1149446). - nvme: wait until all completed request's complete fn is called (bsc#1149446). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525). - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525). - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDMA/hns: Add mtr support for mixed multihop addressing (bsc#1104427). - RDMA/hns: Bugfix for calculating qp buffer size (bsc#1104427 ). - RDMA/hns: Bugfix for filling the sge of srq (bsc#1104427 ). - RDMa/hns: Do not stuck in endless timeout loop (bsc#1104427 ). - RDMA/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427). - RDMA/hns: fix inverted logic of readl read and shift (bsc#1104427). - RDMA/hns: Fixs hw access invalid dma memory error (bsc#1104427 ). - RDMA/hns: Fixup qp release bug (bsc#1104427). - RDMA/hns: Modify ba page size for cqe (bsc#1104427). - RDMA/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427). - RDMA/hns: Remove unnecessary print message in aeq (bsc#1104427 ). - RDMA/hns: Replace magic numbers with #defines (bsc#1104427 ). - RDMA/hns: reset function when removing module (bsc#1104427 ). - RDMA/hns: Set reset flag when hw resetting (bsc#1104427 ). - RDMA/hns: Use %pK format pointer print (bsc#1104427 ). - refresh: soc: fsl: guts: Add definition for LX2160A (). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert "Bluetooth: validate BLE connection interval updates" (bsc#1051510). - Revert "cfg80211: fix processing world regdomain when non modular" (bsc#1051510). - Revert "dm bufio: fix deadlock with loop device" (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. Revert it until a proper fix is found. - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patc h (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - Revert "scsi: ncr5380: Increase register polling limit" (git-fixes). - Revert "scsi: prefix header search paths with $(srctree)/ (bsc#1136346" This reverts commit 5f679430713da59f5367aa9499e544e6187ac17c. Reverting this commit fixes build for me. - Revert "scsi: ufs: disable vccq if it's not needed by UFS device" (git-fixes). - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rtlwifi: Fix file release memory leak (bsc#1111666). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxgb4i: fix incorrect spelling "reveive" -> "receive" (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - SMB: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - SMB: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - team: Add vlan tx offload to hw_enc_features (bsc#1051510). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: fix use-after-free when register netdev failed (bsc#1111666). - tun: mark small packets as owned by the tap sock (bsc#1109837). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - update internal version number for cifs.ko (bsc#1144333). - Update patches.arch/powerpc-pseries-Fix-xive-off-command-line.patch (bsc#1085030, bsc#1144518, LTC#178833). - Update patches.fixes/0001-docs-Fix-conf.py-for-Sphinx-2.0.patch (bsc#1135642). Fix patch header. - Update patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2.patch (bsc#1143765). - Update patches.fixes/tracing-Fix-bad-use-of-igrab-in-trace_uprobe.c.patch (bsc#1120046, bsc#1146141). - Update patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch (bsc#1148133 bsc#1138539). - Update patches.suse/ext4-unsupported-features.patch (SLE-8615, bsc#1149651, SLE-9243). - Update patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch (bsc#1054914, git-fixes). - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vhost/test: fix build for vhost test (bsc#1111666). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - virtio/s390: fix race on airq_areas (bsc#1145357). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wcn36xx: use dynamic allocation for large variables (bsc#1111666). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - xsk: avoid store-tearing when assigning queues (bsc#1111666). - xsk: avoid store-tearing when assigning umem (bsc#1111666). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2658=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.16.1 kernel-source-azure-4.12.14-8.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.16.1 kernel-azure-base-4.12.14-8.16.1 kernel-azure-base-debuginfo-4.12.14-8.16.1 kernel-azure-debuginfo-4.12.14-8.16.1 kernel-azure-devel-4.12.14-8.16.1 kernel-syms-azure-4.12.14-8.16.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082635 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1131489 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132686 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134476 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1135990 https://bugzilla.suse.com/1136039 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1136346 https://bugzilla.suse.com/1136349 https://bugzilla.suse.com/1136352 https://bugzilla.suse.com/1136496 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136502 https://bugzilla.suse.com/1136682 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137322 https://bugzilla.suse.com/1137323 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1137982 https://bugzilla.suse.com/1138099 https://bugzilla.suse.com/1138100 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141340 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143331 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143706 https://bugzilla.suse.com/1143738 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1143962 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144582 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145018 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145134 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145256 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145357 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145446 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1145946 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146141 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146215 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148219 https://bugzilla.suse.com/1148297 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148308 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148570 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150305 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150846 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 https://bugzilla.suse.com/1151067 https://bugzilla.suse.com/1151192 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151661 https://bugzilla.suse.com/1151662 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152187 https://bugzilla.suse.com/1152243 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152525 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Mon Oct 14 13:52:51 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 21:52:51 +0200 (CEST) Subject: SUSE-SU-2019:2657-1: moderate: Security update for dhcp Message-ID: <20191014195251.C53E6F796@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2657-1 Rating: moderate References: #1089524 #1134078 #1136572 Cross-References: CVE-2019-6470 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2657=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2657=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2657=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2657=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2657=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2657=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-relay-4.3.5-6.3.1 dhcp-relay-debuginfo-4.3.5-6.3.1 dhcp-server-4.3.5-6.3.1 dhcp-server-debuginfo-4.3.5-6.3.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-relay-4.3.5-6.3.1 dhcp-relay-debuginfo-4.3.5-6.3.1 dhcp-server-4.3.5-6.3.1 dhcp-server-debuginfo-4.3.5-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-doc-4.3.5-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-doc-4.3.5-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dhcp-4.3.5-6.3.1 dhcp-client-4.3.5-6.3.1 dhcp-client-debuginfo-4.3.5-6.3.1 dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-devel-4.3.5-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): dhcp-4.3.5-6.3.1 dhcp-client-4.3.5-6.3.1 dhcp-client-debuginfo-4.3.5-6.3.1 dhcp-debuginfo-4.3.5-6.3.1 dhcp-debugsource-4.3.5-6.3.1 dhcp-devel-4.3.5-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-6470.html https://bugzilla.suse.com/1089524 https://bugzilla.suse.com/1134078 https://bugzilla.suse.com/1136572 From sle-security-updates at lists.suse.com Mon Oct 14 13:53:51 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 21:53:51 +0200 (CEST) Subject: SUSE-SU-2019:2656-1: important: Security update for sudo Message-ID: <20191014195351.CF775F796@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2656-1 Rating: important References: #1153674 Cross-References: CVE-2019-14287 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2656=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2656=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2656=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2656=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.22-4.6.1 sudo-debugsource-1.8.22-4.6.1 sudo-test-1.8.22-4.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.22-4.6.1 sudo-debugsource-1.8.22-4.6.1 sudo-test-1.8.22-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.6.1 sudo-debuginfo-1.8.22-4.6.1 sudo-debugsource-1.8.22-4.6.1 sudo-devel-1.8.22-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.6.1 sudo-debuginfo-1.8.22-4.6.1 sudo-debugsource-1.8.22-4.6.1 sudo-devel-1.8.22-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-14287.html https://bugzilla.suse.com/1153674 From sle-security-updates at lists.suse.com Mon Oct 14 13:54:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Oct 2019 21:54:32 +0200 (CEST) Subject: SUSE-SU-2019:2655-1: important: Security update for kubernetes-salt Message-ID: <20191014195432.BBF96F796@maintenance.suse.de> SUSE Security Update: Security update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2655-1 Rating: important References: #1121153 #1121154 #1141675 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues: * Flannel container ran with excess privileges (bsc#1121153 bsc#1121154) * Velum doesn't list available updates (due to failed transactional update timer restart) (bsc#1141675) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (noarch): kubernetes-salt-3.0.0+git_r999_f540bd3-3.77.1 References: https://bugzilla.suse.com/1121153 https://bugzilla.suse.com/1121154 https://bugzilla.suse.com/1141675 From sle-security-updates at lists.suse.com Tue Oct 15 07:11:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 15:11:19 +0200 (CEST) Subject: SUSE-SU-2019:14191-1: important: Security update for tcpdump Message-ID: <20191015131119.3E541F796@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14191-1 Rating: important References: #1057247 #1153098 #1153332 Cross-References: CVE-2017-12893 CVE-2017-12894 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12995 CVE-2017-12996 CVE-2017-12998 CVE-2017-12999 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13041 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13051 CVE-2017-13053 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13725 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14881 CVE-2018-14882 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 83 vulnerabilities is now available. Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2017-12995: Fixed an infinite loop in the DNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Fixed a buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12894: Fixed a buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12896: Fixed a buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12897: Fixed a buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12898: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12899: Fixed a buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12900: Fixed a buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247). - CVE-2017-12901: Fixed a buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12902: Fixed a buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247). - CVE-2017-12985: Fixed a buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12986: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2017-12987: Fixed a buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12988: Fixed a buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247). - CVE-2017-12991: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-12992: Fixed a buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247). - CVE-2017-12993: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-12996: Fixed a buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247). - CVE-2017-12998: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-12999: Fixed a buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13001: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13002: Fixed a buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247). - CVE-2017-13003: Fixed a buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13004: Fixed a buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247). - CVE-2017-13005: Fixed a buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13006: Fixed a buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13008: Fixed a buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13009: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13010: Fixed a buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13012: Fixed a buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13013: Fixed a buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13014: Fixed a buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13016: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13017: Fixed a buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13018: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13019: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13021: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13022: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13023: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13024: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13025: Fixed a buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247). - CVE-2017-13027: Fixed a buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13028: Fixed a buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13029: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13030: Fixed a buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13031: Fixed a buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247). - CVE-2017-13032: Fixed a buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13034: Fixed a buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247). - CVE-2017-13035: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13036: Fixed a buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13037: Fixed a buffer over-read in the IP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13038: Fixed a buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13041: Fixed a buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13047: Fixed a buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13048: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13049: Fixed a buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247). - CVE-2017-13051: Fixed a buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13053: Fixed a buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247). - CVE-2017-13055: Fixed a buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247). - CVE-2017-13687: Fixed a buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247). - CVE-2017-13688: Fixed a buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247). - CVE-2017-13689: Fixed a buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247). - CVE-2017-13725: Fixed a buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tcpdump-14191=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tcpdump-14191=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcpdump-14191=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tcpdump-14191=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): tcpdump-3.9.8-1.30.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): tcpdump-3.9.8-1.30.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.13.1 tcpdump-debugsource-3.9.8-1.30.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): tcpdump-debuginfo-3.9.8-1.30.13.1 tcpdump-debugsource-3.9.8-1.30.13.1 References: https://www.suse.com/security/cve/CVE-2017-12893.html https://www.suse.com/security/cve/CVE-2017-12894.html https://www.suse.com/security/cve/CVE-2017-12896.html https://www.suse.com/security/cve/CVE-2017-12897.html https://www.suse.com/security/cve/CVE-2017-12898.html https://www.suse.com/security/cve/CVE-2017-12899.html https://www.suse.com/security/cve/CVE-2017-12900.html https://www.suse.com/security/cve/CVE-2017-12901.html https://www.suse.com/security/cve/CVE-2017-12902.html https://www.suse.com/security/cve/CVE-2017-12985.html https://www.suse.com/security/cve/CVE-2017-12986.html https://www.suse.com/security/cve/CVE-2017-12987.html https://www.suse.com/security/cve/CVE-2017-12988.html https://www.suse.com/security/cve/CVE-2017-12991.html https://www.suse.com/security/cve/CVE-2017-12992.html https://www.suse.com/security/cve/CVE-2017-12993.html https://www.suse.com/security/cve/CVE-2017-12995.html https://www.suse.com/security/cve/CVE-2017-12996.html https://www.suse.com/security/cve/CVE-2017-12998.html https://www.suse.com/security/cve/CVE-2017-12999.html https://www.suse.com/security/cve/CVE-2017-13001.html https://www.suse.com/security/cve/CVE-2017-13002.html https://www.suse.com/security/cve/CVE-2017-13003.html https://www.suse.com/security/cve/CVE-2017-13004.html https://www.suse.com/security/cve/CVE-2017-13005.html https://www.suse.com/security/cve/CVE-2017-13006.html https://www.suse.com/security/cve/CVE-2017-13008.html https://www.suse.com/security/cve/CVE-2017-13009.html https://www.suse.com/security/cve/CVE-2017-13010.html https://www.suse.com/security/cve/CVE-2017-13012.html https://www.suse.com/security/cve/CVE-2017-13013.html https://www.suse.com/security/cve/CVE-2017-13014.html https://www.suse.com/security/cve/CVE-2017-13016.html https://www.suse.com/security/cve/CVE-2017-13017.html https://www.suse.com/security/cve/CVE-2017-13018.html https://www.suse.com/security/cve/CVE-2017-13019.html https://www.suse.com/security/cve/CVE-2017-13021.html https://www.suse.com/security/cve/CVE-2017-13022.html https://www.suse.com/security/cve/CVE-2017-13023.html https://www.suse.com/security/cve/CVE-2017-13024.html https://www.suse.com/security/cve/CVE-2017-13025.html https://www.suse.com/security/cve/CVE-2017-13027.html https://www.suse.com/security/cve/CVE-2017-13028.html https://www.suse.com/security/cve/CVE-2017-13029.html https://www.suse.com/security/cve/CVE-2017-13030.html https://www.suse.com/security/cve/CVE-2017-13031.html https://www.suse.com/security/cve/CVE-2017-13032.html https://www.suse.com/security/cve/CVE-2017-13034.html https://www.suse.com/security/cve/CVE-2017-13035.html https://www.suse.com/security/cve/CVE-2017-13036.html https://www.suse.com/security/cve/CVE-2017-13037.html https://www.suse.com/security/cve/CVE-2017-13038.html https://www.suse.com/security/cve/CVE-2017-13041.html https://www.suse.com/security/cve/CVE-2017-13047.html https://www.suse.com/security/cve/CVE-2017-13048.html https://www.suse.com/security/cve/CVE-2017-13049.html https://www.suse.com/security/cve/CVE-2017-13051.html https://www.suse.com/security/cve/CVE-2017-13053.html https://www.suse.com/security/cve/CVE-2017-13055.html https://www.suse.com/security/cve/CVE-2017-13687.html https://www.suse.com/security/cve/CVE-2017-13688.html https://www.suse.com/security/cve/CVE-2017-13689.html https://www.suse.com/security/cve/CVE-2017-13725.html https://www.suse.com/security/cve/CVE-2018-10103.html https://www.suse.com/security/cve/CVE-2018-10105.html https://www.suse.com/security/cve/CVE-2018-14461.html https://www.suse.com/security/cve/CVE-2018-14462.html https://www.suse.com/security/cve/CVE-2018-14463.html https://www.suse.com/security/cve/CVE-2018-14464.html https://www.suse.com/security/cve/CVE-2018-14465.html https://www.suse.com/security/cve/CVE-2018-14466.html https://www.suse.com/security/cve/CVE-2018-14467.html https://www.suse.com/security/cve/CVE-2018-14468.html https://www.suse.com/security/cve/CVE-2018-14469.html https://www.suse.com/security/cve/CVE-2018-14881.html https://www.suse.com/security/cve/CVE-2018-14882.html https://www.suse.com/security/cve/CVE-2018-16229.html https://www.suse.com/security/cve/CVE-2018-16230.html https://www.suse.com/security/cve/CVE-2018-16300.html https://www.suse.com/security/cve/CVE-2018-16301.html https://www.suse.com/security/cve/CVE-2018-16451.html https://www.suse.com/security/cve/CVE-2018-16452.html https://www.suse.com/security/cve/CVE-2019-15166.html https://bugzilla.suse.com/1057247 https://bugzilla.suse.com/1153098 https://bugzilla.suse.com/1153332 From sle-security-updates at lists.suse.com Tue Oct 15 10:13:46 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 18:13:46 +0200 (CEST) Subject: SUSE-SU-2019:2666-1: important: Security update for sudo Message-ID: <20191015161346.E3279F796@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2666-1 Rating: important References: #1153674 Cross-References: CVE-2019-14287 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2666=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2666=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2666=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2666=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2666=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2666=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2666=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2666=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2666=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2666=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE OpenStack Cloud 8 (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 sudo-devel-1.8.20p2-3.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - SUSE CaaS Platform 3.0 (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 - HPE Helion Openstack 8 (x86_64): sudo-1.8.20p2-3.14.1 sudo-debuginfo-1.8.20p2-3.14.1 sudo-debugsource-1.8.20p2-3.14.1 References: https://www.suse.com/security/cve/CVE-2019-14287.html https://bugzilla.suse.com/1153674 From sle-security-updates at lists.suse.com Tue Oct 15 10:14:40 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 18:14:40 +0200 (CEST) Subject: SUSE-SU-2019:2669-1: important: Security update for libpcap Message-ID: <20191015161440.E8156F796@maintenance.suse.de> SUSE Security Update: Security update for libpcap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2669-1 Rating: important References: #1153332 Cross-References: CVE-2018-16301 CVE-2019-15165 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2669=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2669=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2669=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-2669=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2669=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2669=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2669=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2669=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2669=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2669=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2669=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2669=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2669=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2669=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2669=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2669=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2669=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2669=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2669=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2669=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2669=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2669=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE OpenStack Cloud 8 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-32bit-1.8.1-10.3.1 libpcap1-debuginfo-32bit-1.8.1-10.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-32bit-1.8.1-10.3.1 libpcap1-debuginfo-32bit-1.8.1-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap-devel-1.8.1-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap-devel-1.8.1-10.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-32bit-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 libpcap1-debuginfo-32bit-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-32bit-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 libpcap1-debuginfo-32bit-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - SUSE Enterprise Storage 4 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 - HPE Helion Openstack 8 (x86_64): libpcap-debugsource-1.8.1-10.3.1 libpcap1-1.8.1-10.3.1 libpcap1-debuginfo-1.8.1-10.3.1 tcpdump-4.9.2-14.14.1 tcpdump-debuginfo-4.9.2-14.14.1 tcpdump-debugsource-4.9.2-14.14.1 References: https://www.suse.com/security/cve/CVE-2018-16301.html https://www.suse.com/security/cve/CVE-2019-15165.html https://bugzilla.suse.com/1153332 From sle-security-updates at lists.suse.com Tue Oct 15 10:16:23 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 18:16:23 +0200 (CEST) Subject: SUSE-SU-2019:2671-1: moderate: Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer Message-ID: <20191015161623.ADB0FF796@maintenance.suse.de> SUSE Security Update: Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2671-1 Rating: moderate References: #1019074 #1052286 #1106515 #1108033 #1115960 #1118159 #1118900 #1120657 #1127558 #1128954 #1128987 #1131053 #1131961 #1132860 #1133719 #1133722 #1136784 #1143475 #1145796 #1145867 #1148383 #1150895 #1152916 Cross-References: CVE-2016-10127 CVE-2018-15727 CVE-2018-19039 CVE-2018-558213 CVE-2019-15043 CVE-2019-5477 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 17 fixes is now available. Description: This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues: In python-pysaml2 the following security issue was fixed: - CVE-2016-10127: Fixed an XML external entity attack. (bsc#1019074) crowbar-core was updated to version 4.0+git.1570463621.40b11cd48: * network: Don't set datapath-ids on ovs-bridges anymore (bsc#1152916) * barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011) * gems: Update easy_diff to 1.0.0 (SOC-10505) * crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script * transition.sh: Do not read /etc/crowbar.install.key * gather_logs: Make it a bit useful again * gather_logs: Do not read /etc/crowbar.install.key * network: Allow locking down the network config for nodes (bsc#1120657) * network: Check existing upper layers before bond setup (bsc#1120657) * network: never plug two interface into the same ovs bridge (bsc#1120657) * network: Avoid plugging the same interface to two ovs bridges (bsc#1120657) * nic library: some helper for identifying base interface (bsc#1120657) * network: Rework the vlan port replugging code (bsc#1120657) * network: DRY out "kill_nic_files" (noref) * Add CVE-2019-5477 the to travis ignore list (SOC-9635) crowbar-openstack was updated to version 4.0+git.1569429513.e7016b2b6: * tempest: don't rely on service catalogue (SOC-10633) * nova: set default attribute for max_threads_per_process * database: Hardcode ruby version for package installation (SOC-10010) * neutron: restore dhcp_domain in stable/4.0 (bsc#1145867) * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) grafana was updated to: - CVE-2019-15043: Adds authentication to a few rest endpoints that could be used to access grafana snapshot apis to cause denial of service (SOC-10357 bsc#1148383) Also see https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5 grafana was updated to version 4.6.5: - CVE-2018-19039: Users with Editor or Admin permissions could exfiltrate files (jsc#SOC-9976 bsc#1115960) grafana was updated version to 4.6.4: - CVE-2018-15727 / CVE-2018-558213: Fixed an authentication bypass because an attacker can generate a valid "remember me"cookie knowing only a username of an LDAP or OAuth user (jsc#SOC-9980 bsc#1106515) Other fixes: * sql: added code migration type * release 4.6.3 * fix default alias * fixes broken alert eval when first condition is using OR * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * fix: fix for avatar images when gzip is turned on, fixes #5952 * sets version to 4.6.2 * prom: add support for default step param (#9866) * build: fixed jshint error * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * heatmap: fix tooltip in "Time series bucket" mode, #9332 (#9867) * fix cloudwatch ec2_instance_attribute (#9718) * colorpicker: fix color string change #9769 (#9780) * changes version to 4.6.1 * fix: panel view now wraps, no scrolling required, fixes #9746 * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * fix: color picker bug at series overrides page, #9715 (#9738) * tech: switch to golang 1.9.2 * tech: add missing include * save as should only delete threshold for panels with alerts * fix: graphite annotation tooltip included undefined, fixes #9707 * build: updated version to v4.6.0 * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * fix: firefox can now create region annotations, fixes #9638 * alerting: only editors can pause rules * fix: another fix for playlist view state, #9639 * fix: fixed playlist controls and view state, fixes #9639 * prom: adds pre built grafana dashboard * bump version for publish_testing.sh * update version to 4.6.0-beta3 * plugins: expose dashboard impression store * modify $__timeGroup macro so it can be used in select clause (#9527) * plugins: fixes path issue on Windows * prometheus: enable gzip for /metrics endpoint * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * pluginloader: esModule true for systemjs config * Fix heatmap Y axis rendering (#9580) * fix vector range * prometheus: add builtin template variable as range vectors * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * fix: getting started panel and mark adding data source as done, fixes #9568 * Fixes for annotations API (#9577) * bump packagecloud script * build: added imports of rxjs utility functions * prepare for v4.6.0-beta2 release * fix template variable expanding * annotations: quote reserved fields (#9550) * ux: align alert and btn colors * fix: fixed color pickers that were broken in minified builds, fixes #9549 * textpanel: fixes #9491 * csv: fix import for saveAs shim * plugins: expose more util and flot dependencies * alert_tab: clear test result when testing rules * (cloudwatch) fix cloudwatch query error over 24h (#9536) * show error message when cloudwatch datasource can't add * update packagecloud script for 4.6.0-beta1 * changelog: adds note about closing #9516 * alerting: add count_non_null reducer * Update rpm.md * fix: can now remove annotation tags without popover closing * tech: add backward compatibility for directive (#9510) * fix: fixed links on new 404 page, fixes #9493 * logging: dont use cli logger in http_server * oauth: raise error if session state is missing * oauth: provide more logging for failed oauth requests * prepare for 4.6.0-beta1 release * docs: updated whats new article * docs: initial draft release v46 * graph: fix y-axis decimalTick check. Fixes #9405 * minor docs update * docs: annotation docs update * changelog: adds note about closing #7104 * changelog: adds note about closing #9373 * metrics: disable gzip for /metrics endpoint (#9468) * Annotation docs (#9506) * Update CHANGELOG.md * Update PLUGIN_DEV.md * Update PLUGIN_DEV.md * Update README.md * Fixed link issue in CHANGELOG * Create PLUGIN_DEV.md * changelog: adds note about closing #9371,#5334,#8812 * ds_edit: placeholder should only be cert header * fixed minor styling issus (#9497) * fix: alert api limit param did not work and caused SQL syntax error, fixes #9492 * annotations: add endpoint for writing graphite-like events (#9495) * Update unsaved_changes_modal.ts * fix: set lastSeenAt date when creating users to then years in past insteasd of empty date, fixes #9260 * ux: minor ux fix * Retain old name for TLS client auth * Return error if datasource TLS CA not parsed * Datasource settings: Make HTTP all caps * Datasource HTTP settings: Add TLS skip verify * Make URL capitalisation consistent in UI * Alias macron package in app_routes.go * Verify datasource TLS and split client auth and CA * Tidy spacing in datasource TLS settings * Tests: Clarify what InsecureSkipVerify does * postgres: add missing ngInject decorator * docs: initial docs for new annotation features, #9483 * Adds note for #9209 to changelog * Postgres Data Source (#9475) * tech: expose more to plugins, closes #9456 * Fix NaN handling (#9469) * snapshots: improve snapshot listing performance, #9314 (#9477) * mysql: fix interpolation for numbers in temp vars * Added docs for Kafka alerting * Fixed failing go tests * gofmt fixes * Added tests * Kafka REST Proxy works with Grafana * added insrtuctions for oauth2 okta bitbucket (#9471) * Unified Color picker fixes (#9466) * Show min interval query option for mixed datasource (#9467) * gzip: plugin readme content set explicitly * ignore pattern for vendored libs * fix: escape metric segment auto complete, fixes #9423 * Corrected a PostgreSQL SELECT statement. (#9460) * tests: found the unhandled promise issue in the dash import tests * testing: fixing tests * annotations: minor change to default/edit annotation color * Create annotations (#8197) * OAuth: Rename sslcli * OAuth: Separate TLS client auth and CA config * OAuth: Check both TLS client cert and key * Always verify TLS unless explicitly told otherwise * fix: threshold's colors in table panels (#9445) (#9453) * singlestat: fix sizing bug #9337 (#9448) * Revert "Fix coloring in singlestat if null value (#9438)" (#9443) * Fix coloring in singlestat if null value (#9438) * fix: missing semicolon * changed jsontree to use jsonexplorer (#9416) * docs page for authproxy (#9420) * Update codebox (#9430) * Series color picker fix (#9442) * fix type in readme * removed commented line * changelog: adds note about closing #9110 * Fixed typo * Change empty string checks and improve logging * changelog: adds note about closing #9208 * Fix spelling on 404 page. * Lint fix * Update kbn.js * Add Norwegian Krone denominator for currency * fixed layout for column options, changed dropdown for date format kept old code * build: add noUnusedLocals to tsc parameters * build: install go based on env variable * changes go version to 1.9.1 * changelog: adds note about closing #9226 * changelog: add note about closing #9429 * changelog: adds note about closing #9399 * Fix formatting issue * Add milliseconds format in table panel's config * support for s3 path (#9151) * Remove apparently unnecessary .flush() calls. * Fix empty message and toolong attribute names Use default state message if no message is provided by the user Slice attribute name to maximum of 50 chars * Address review comments. * changelog: add note about closing #7175 * plugin_loader: expose app_events to plugins * Add the missing comma * colorpicker: refactoring the new unififed colorpicker, #9347 * Unified colorpicker (#9347) * fix missing column headers in excel export (#9413) * build: remove clean plugin from dev build * build: fixed broken elastic unit test * shore: cleanup unused stuff in common.d.ts * Build URL for close alert request differently * some restyling (#9409) * Docs text fixes (#9408) * Checkbox fixes (#9400) * fix: ensure panel.datasource is null as default * plugibs: expose more to plugins * properly parse & pass upload image bool from config * break out slack upload into separate function * tech: minor npm scripts update * build: fixed build * refactoring: minor refactoring of PR #8916 * Update script to make it use OpsGenie's REST API * docs: minor docs fix * Merge branch 'master' of github.com:grafana/grafana * build: minor webpack fix * docs: updated building from source docs * playlist: play and edit should use same width * shore: fixed html indentation, #9368 * tech: updated yarn.lock * shore: minor cleanup * Webpack (#9391) * fixing json for CI * adding support for token-based slack file.upload API call for posting images to slack * changelog: adds note about closing #8479 * changelog: adds note about closing #8050 * changelog: adds note about closing #9386 * change pdiff to percent_diff for conditions * panel: rename label on csv export modal * add diff and pdiff for conditions * fix, add targetContainsTemplate() * fix cloudwatch alert bug * add debug log * move extend statistics handling code to backend * fix assume role * improve cloudwatch tsdb * refactor cloudwatch code * remove obsolete code * move cloudwatch crendential related code * remove old handler * fix annotation query * fix time * fix dimension convertion * re-implement annotation query * fix parameter format * fix alert feature * fix parameter format * refactor cloudwatch to support new tsdb interface * refactor cloudwatch frontend code * refactor cloudwatch frontend code * fix test * re-implement dimension_values() * fix error message * remove performEC2DescribeInstances() * re-implement ec2_instance_attribute() * re-implement ebs_volume_ids() * import the change, https://github.com/grafana/grafana/pull/9268 * fix conflict * fix test * remove obsolete GetMetricStatistics() * fix test * move test code * fix conflict * porting other suggestion * re-implement get regions * move the metric find query code * (cloudwatch) move query parameter to 'parameters' * parse duration * remove offset for startTime * cache creds for keys/credentials auth type * fix test * fix invalid query filter * count up metrics * (cloudwatch) alerting * add brazil currency * tech: upgrade of systemjs to 0.20.x working * tech: reverted to systemjs * tech: migrating elasticsearch to typescript * changelog: add note about using golang 1.9 * change go version to 1.9 * changelog: adds note about closing #9367 * tech: systemjs upgrade * made a text-panel page, maybe we don't need it * cleaned up html/sass and added final touches * Enable dualstack in every net.Dialer, fixes #9364 * jaeger: capitalize tracer name * jaeger: logging improvement * tech: systemjs upgrade * Have include intervalFactor in its calculation, so always equal to the step query parameter. * alertlist: toggle play/pause button * updated css and html for recent state changes for alert lists * Fix export_modal message (#9353) * s3: minor fix for PR #9223 * internal metrics: add grafana version * changelog: adds note about closing 5765 * Update latest.json * typescript: stricter typescript option * prom_docker: give targets correct job name * testdata: add bucket scenarios for heatmap * dev-docker: add grafana as target * changelog: add note ablout closing #9319 * introduce smtp config option for EHLO identity * changelog: note about closing #9250 * go fmt * new page for text, needs more work * replaced img in graph, created alert list page * docs: update docs * Update CHANGELOG.md * changelog: adds note about closing #5873 * replaced image * Docs new updates (#9324) * Update CHANGELOG.md * Update latest.json * cleanup: removed unused file * tech: remove bower and moved remaining bower dependencies to npm * tech: cleanup and fixed build issue * tech: upgraded angularjs and moved dependency from bower to npm, closes #9327 * follow go idiom and return error as second param * tech: updated tsconfig * docker: adds alertmanager to prometheus fig * tech: more tslint rules * another img update * tech: removing unused variables from typescript files, and making tslint rules more strict * deleted old shortcuts instruction * text uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts * context is reserved for go's context * make ds a param for Query * remove batch abstraction * rename executor into tsdbqueryendpoint * remove unused structs * refactor response flow * tech: removed test component * ux: minor singlestat update * singlestat: minor change * Update CHANGELOG.md * Singlestat time (#9298) * tech: progress on react poc * adds note about closing #9213 * Update _navbar.scss * replaced images, updating text(not finished) * fix: close for 'Unsaved Changes' modal, #9284 (#9313) * Initial graphite tags support (#9239) * tech: initial react poc * Make details more clean in PD description * bug: enable HEAD requests again * Add `DbClusterIdentifier` to CloudWatch dimensions (#9297) * templating: fix dependent variable updating (#9306) * Fix adhoc filters restoration (#9303) * Explicitly refer to Github 'OAuth' applications * config bucket and region for s3 uploader * fixes bug introduced with prom namespaces * fixing spelling of millesecond -> millisecond * fixing spelling of millesecond -> millisecond * Remove duplicate bus.AddHandler() (#9289) * Update CHANGELOG.md * use same key as mt * tag alert queries that return no_data * updated error page html+css, added ds_store to ignore (#9285) * public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be "within" instead of "equal", so they won't fail on i686 (#9286) * Fix path to icon (#9276) * adds note about fix in v4.5.2 * skip NaN values when writing to graphite * addded mass units, #9265 (#9273) * Fully fill out nulls in cloudfront data source (#9268) * make it possible to configure sampler type * mark >=400 responses as error * change port for jaeger dev container * logwrapper for jaeger * make samplerconfig.param configurable * adds custom tags from settings * use route as span name * add trace headers for outgoing requests * docker file for running jaeger * better formating for error trace * attach context with span to *http.Request * add traces for datasource reverse proxy requests * trace failed executions * use tags instead of logs * use opentracing ext package when possible * set example port to zipkin default * adds codahale to vendor * makes jaeger tracing configurable * add trace parameters for outgoing requests * adds basic traces using open traces * require dashboard panels to have id * fix: jsonData should not be allowed to be null, fixes #9258 * packaging: reduce package size * Update upgrading.md (#9263) * Added --pluginUrl option to grafana-cli for local network plugin installation * adds note about closing #1395 * add locale format * update changelog * fixes broken tests :boom: * minor code adjusetments * pass context to image uploaders * remove unused deps * Reduced OAuth scope to read_write * GCS support via JSON API * gofmt fixes * Added GCS support #8370 * move more known datasources from others * Remove alert thresholds on panel duplicate, issue #9178 (#9257) * 4.5.1 docs + update version to 5.0.0-pre1 * publish_both.sh update for 4.5.1 * Update CHANGELOG.md * docs: updated changelog * packaging: reducing package size be only including public vendor stuff we need * docs: update download links * allow ssl renegotiation for datasources * check args for query * add test for completer * fix * follow token name change * (prometheus) support label value completion * (prometheus) support label name completion * get s3 url via aws-sdk-go, fix #9189 * Prometheus: Rework the interaction between auto interval (computed based on graph resolution), min interval (where specified, per query) and intervalFactor (AKA resolution, where specified, per query). As a bonus, have and reflect the actual interval (not the auto interval), taking into account min interval and Prometheus' 11k data points limit. * minor fix * (prometheus) support instant query for table format, use checkbox to switch query type * (prometheus) instant query support * Add thumbnail to card * Add values to the hipchat card * Reorder editorconfig * Enable datasources to be able to round off to a UTC day properly * Include triggering metrics to pagerduty alerts novnc was updated to fix the following issue: - Add tightPNG encoding (bsc#1145796) This encoding is needed to allow noVNC to work with instances that run on ESX hypervisors. It is not possible to update the Newton package to noVNC 1.1.0 as that version is not supported with openstack-nova until Rocky. openstack-keystone was updated to fix: - A domain_admin should be allowed to list role assignments for the domain and for all projects of this domain with a domain-scoped token. (bsc#1118159) openstack-neutron was updated to fix: - Add path to not update device lists in large sets. (bsc#1136784) Since the ssh timeout issue was resolved, start adding back the removed patches. Backport based on comment #1. - Revert OVS timeout patch as it also seams to cause CI issues. (SOC-10092) - Since the CI failures are mostly seen in ha jobs, let us first try to revert the last added HA related patches. Once we nail down the issue, we can add one at a time. (SOC-10092) - Disallow router interface out of subnet IP range (bsc#1108033) - Fix for dhcp serializing port delete and network rpc calls (bsc#1143475) - Fixed a function call error with get_reader_session Fixed an argument issue with respect to Context not having 'bein' function, we should have passed the session instead of context. Also fixed another function argument error with respect to 'is_ha_router_port'. (bsc#1133722) - Divide and conquer local hridge flows beasts (bsc#1133722) - Choose random value for HA routes vr_id - Change duplicate OVS bridge datapath ids - Async notify neutron server for HA states - Divide and conquer security group beasts - Change default local ovs connection timeout (bsc#1136784) - Do not call update device list in large sets (bsc#1136784) - More accurate agent restart state transfer (bsc#1136784) - OVS agent: Always send start flag during initial sync (bsc#1136784) - Keep HA ports info for HA router during entire lifecycle - Packets getting lost during SNAT with too many connections - Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860) - neutron-keepalived-state-change will check VIP before spawning ip monitor (bsc#1131961) - handle database query correctly - Fix the update port status issue without getting the ports to BUILD status.(bsc#1131053) - OVS Raise RuntimeError in_get_dp if id is None - OVS Survive errors from check ovs status - Trigger port status DOWN on VIF replug.patch - Fix dvr ha router gateway port binding to incorrect host - DVR HA Unbinding a HA router from agent does not clear HA interface - Don't trigger DVR port update if status the same - Add retry decorator update_segment_host_mapping (bsc#1127558) - Do state report after setting start flag on OVS restart openstack-nova was updated to fix: Security issue fixed: - CVE-2016-10127: Fixed XXE in XML Parsing (bsc#1019074) - Allow to attach more than 26 volumes (bsc#1118900) openstack-tempest was updated to fix: - Avoid server check teardown exception breaking tearDown (SOC 10092) python-urllib3 was updated to fix: - Add missing dependency on python-six (bsc#1150895) sleshammer was updated to fix: - Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay it was still present in the tarball. (SOC-9288) rubygem-chef was updated to fix: - pretty print inspect results and force encode the content (SOC-9954) - updated to version 1.0.0 - Unmerge Arrays containing Hashes - Handle duplicate values in arrays correctly rubygem-easy_diff was updated to version 0.0.6 - Fix merging arrays of hashes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2671=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2671=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1 crowbar-core-branding-upstream-4.0+git.1570463621.40b11cd48-9.54.1 novnc-1.0.0-12.1 ruby2.1-rubygem-chef-10.32.2-5.12.1 ruby2.1-rubygem-easy_diff-1.0.0-3.3.1 rubygem-chef-10.32.2-5.12.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1 openstack-keystone-10.0.3~dev9-7.18.2 openstack-keystone-doc-10.0.3~dev9-7.18.2 openstack-neutron-9.4.2~dev21-7.32.1 openstack-neutron-dhcp-agent-9.4.2~dev21-7.32.1 openstack-neutron-doc-9.4.2~dev21-7.32.1 openstack-neutron-ha-tool-9.4.2~dev21-7.32.1 openstack-neutron-l3-agent-9.4.2~dev21-7.32.1 openstack-neutron-lbaas-9.2.2~dev11-4.18.3 openstack-neutron-lbaas-agent-9.2.2~dev11-4.18.3 openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.32.1 openstack-neutron-macvtap-agent-9.4.2~dev21-7.32.1 openstack-neutron-metadata-agent-9.4.2~dev21-7.32.1 openstack-neutron-metering-agent-9.4.2~dev21-7.32.1 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.32.1 openstack-neutron-server-9.4.2~dev21-7.32.1 openstack-nova-14.0.11~dev13-4.34.3 openstack-nova-api-14.0.11~dev13-4.34.3 openstack-nova-cells-14.0.11~dev13-4.34.3 openstack-nova-cert-14.0.11~dev13-4.34.3 openstack-nova-compute-14.0.11~dev13-4.34.3 openstack-nova-conductor-14.0.11~dev13-4.34.3 openstack-nova-console-14.0.11~dev13-4.34.3 openstack-nova-consoleauth-14.0.11~dev13-4.34.3 openstack-nova-doc-14.0.11~dev13-4.34.2 openstack-nova-novncproxy-14.0.11~dev13-4.34.3 openstack-nova-placement-api-14.0.11~dev13-4.34.3 openstack-nova-scheduler-14.0.11~dev13-4.34.3 openstack-nova-serialproxy-14.0.11~dev13-4.34.3 openstack-nova-vncproxy-14.0.11~dev13-4.34.3 openstack-tempest-12.2.1~a0~dev177-4.6.3 openstack-tempest-test-12.2.1~a0~dev177-4.6.3 python-keystone-10.0.3~dev9-7.18.2 python-neutron-9.4.2~dev21-7.32.1 python-neutron-lbaas-9.2.2~dev11-4.18.3 python-nova-14.0.11~dev13-4.34.3 python-pysaml2-4.0.2-3.11.3 python-tempest-12.2.1~a0~dev177-4.6.3 python-urllib3-1.16-3.9.2 sleshammer-aarch64-0.7.0-0.18.12.3 sleshammer-debugsource-0.7.0-0.18.12.3 sleshammer-ppc64le-0.7.0-0.18.12.3 sleshammer-s390x-0.7.0-0.18.12.3 sleshammer-x86_64-0.7.0-0.18.12.3 - SUSE OpenStack Cloud 7 (x86_64): grafana-4.6.5-1.11.2 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1 ruby2.1-rubygem-chef-10.32.2-5.12.1 ruby2.1-rubygem-easy_diff-1.0.0-3.3.1 rubygem-chef-10.32.2-5.12.1 - SUSE Enterprise Storage 4 (noarch): sleshammer-aarch64-0.7.0-0.18.12.3 sleshammer-debugsource-0.7.0-0.18.12.3 sleshammer-x86_64-0.7.0-0.18.12.3 References: https://www.suse.com/security/cve/CVE-2016-10127.html https://www.suse.com/security/cve/CVE-2018-15727.html https://www.suse.com/security/cve/CVE-2018-19039.html https://www.suse.com/security/cve/CVE-2018-558213.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-5477.html https://bugzilla.suse.com/1019074 https://bugzilla.suse.com/1052286 https://bugzilla.suse.com/1106515 https://bugzilla.suse.com/1108033 https://bugzilla.suse.com/1115960 https://bugzilla.suse.com/1118159 https://bugzilla.suse.com/1118900 https://bugzilla.suse.com/1120657 https://bugzilla.suse.com/1127558 https://bugzilla.suse.com/1128954 https://bugzilla.suse.com/1128987 https://bugzilla.suse.com/1131053 https://bugzilla.suse.com/1131961 https://bugzilla.suse.com/1132860 https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1133722 https://bugzilla.suse.com/1136784 https://bugzilla.suse.com/1143475 https://bugzilla.suse.com/1145796 https://bugzilla.suse.com/1145867 https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1150895 https://bugzilla.suse.com/1152916 From sle-security-updates at lists.suse.com Tue Oct 15 10:21:07 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 18:21:07 +0200 (CEST) Subject: SUSE-SU-2019:2668-1: important: Security update for sudo Message-ID: <20191015162107.747AEF796@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2668-1 Rating: important References: #1053911 #1058297 #1068003 #1153674 Cross-References: CVE-2019-14287 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo provides the following fix: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Other issues fixed: - Cache resolved group names as calling getgrgid() is expensive and on systems connected to AD with many users, groups or sudo rules it causes sudo to take a long time to run (bsc#1068003). - Disable insults by default at build time. For new installations this was done via sudoers file, but when upgrading from previous versions it would accidentally be enabled (bsc#1053911). - Enable support for zlib compressed I/O logs (bsc#1058297). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2668=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2668=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): sudo-1.8.10p3-2.28.1 sudo-debuginfo-1.8.10p3-2.28.1 sudo-debugsource-1.8.10p3-2.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.28.1 sudo-debuginfo-1.8.10p3-2.28.1 sudo-debugsource-1.8.10p3-2.28.1 References: https://www.suse.com/security/cve/CVE-2019-14287.html https://bugzilla.suse.com/1053911 https://bugzilla.suse.com/1058297 https://bugzilla.suse.com/1068003 https://bugzilla.suse.com/1153674 From sle-security-updates at lists.suse.com Tue Oct 15 10:22:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 18:22:31 +0200 (CEST) Subject: SUSE-SU-2019:2667-1: important: Security update for sudo Message-ID: <20191015162231.67179F796@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2667-1 Rating: important References: #1153674 Cross-References: CVE-2019-14287 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2667=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2667=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2667=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2667=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2667=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): sudo-1.8.10p3-10.23.1 sudo-debuginfo-1.8.10p3-10.23.1 sudo-debugsource-1.8.10p3-10.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sudo-1.8.10p3-10.23.1 sudo-debuginfo-1.8.10p3-10.23.1 sudo-debugsource-1.8.10p3-10.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-10.23.1 sudo-debuginfo-1.8.10p3-10.23.1 sudo-debugsource-1.8.10p3-10.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.23.1 sudo-debuginfo-1.8.10p3-10.23.1 sudo-debugsource-1.8.10p3-10.23.1 - SUSE Enterprise Storage 4 (x86_64): sudo-1.8.10p3-10.23.1 sudo-debuginfo-1.8.10p3-10.23.1 sudo-debugsource-1.8.10p3-10.23.1 References: https://www.suse.com/security/cve/CVE-2019-14287.html https://bugzilla.suse.com/1153674 From sle-security-updates at lists.suse.com Tue Oct 15 13:12:46 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 21:12:46 +0200 (CEST) Subject: SUSE-SU-2019:2674-1: important: Security update for tcpdump Message-ID: <20191015191246.AD5BAF796@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2674-1 Rating: important References: #1068716 #1153098 #1153332 Cross-References: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-1010220 CVE-2019-15166 CVE-2019-15167 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2674=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2674=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.9.1 tcpdump-debuginfo-4.9.2-3.9.1 tcpdump-debugsource-4.9.2-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): tcpdump-4.9.2-3.9.1 tcpdump-debuginfo-4.9.2-3.9.1 tcpdump-debugsource-4.9.2-3.9.1 References: https://www.suse.com/security/cve/CVE-2017-16808.html https://www.suse.com/security/cve/CVE-2018-10103.html https://www.suse.com/security/cve/CVE-2018-10105.html https://www.suse.com/security/cve/CVE-2018-14461.html https://www.suse.com/security/cve/CVE-2018-14462.html https://www.suse.com/security/cve/CVE-2018-14463.html https://www.suse.com/security/cve/CVE-2018-14464.html https://www.suse.com/security/cve/CVE-2018-14465.html https://www.suse.com/security/cve/CVE-2018-14466.html https://www.suse.com/security/cve/CVE-2018-14467.html https://www.suse.com/security/cve/CVE-2018-14468.html https://www.suse.com/security/cve/CVE-2018-14469.html https://www.suse.com/security/cve/CVE-2018-14470.html https://www.suse.com/security/cve/CVE-2018-14879.html https://www.suse.com/security/cve/CVE-2018-14880.html https://www.suse.com/security/cve/CVE-2018-14881.html https://www.suse.com/security/cve/CVE-2018-14882.html https://www.suse.com/security/cve/CVE-2018-16227.html https://www.suse.com/security/cve/CVE-2018-16228.html https://www.suse.com/security/cve/CVE-2018-16229.html https://www.suse.com/security/cve/CVE-2018-16230.html https://www.suse.com/security/cve/CVE-2018-16300.html https://www.suse.com/security/cve/CVE-2018-16301.html https://www.suse.com/security/cve/CVE-2018-16451.html https://www.suse.com/security/cve/CVE-2018-16452.html https://www.suse.com/security/cve/CVE-2019-1010220.html https://www.suse.com/security/cve/CVE-2019-15166.html https://www.suse.com/security/cve/CVE-2019-15167.html https://bugzilla.suse.com/1068716 https://bugzilla.suse.com/1153098 https://bugzilla.suse.com/1153332 From sle-security-updates at lists.suse.com Tue Oct 15 13:13:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Oct 2019 21:13:48 +0200 (CEST) Subject: SUSE-SU-2019:2673-1: important: Security update for libpcap Message-ID: <20191015191348.46628F796@maintenance.suse.de> SUSE Security Update: Security update for libpcap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2673-1 Rating: important References: #1153332 Cross-References: CVE-2018-16301 CVE-2019-15165 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2673=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2673=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2673=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2673=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-4.3.1 libpcap-devel-static-1.8.1-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpcap-devel-32bit-1.8.1-4.3.1 libpcap1-32bit-1.8.1-4.3.1 libpcap1-32bit-debuginfo-1.8.1-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-4.3.1 libpcap-devel-static-1.8.1-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-4.3.1 libpcap-devel-1.8.1-4.3.1 libpcap1-1.8.1-4.3.1 libpcap1-debuginfo-1.8.1-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpcap-debugsource-1.8.1-4.3.1 libpcap-devel-1.8.1-4.3.1 libpcap1-1.8.1-4.3.1 libpcap1-debuginfo-1.8.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-16301.html https://www.suse.com/security/cve/CVE-2019-15165.html https://bugzilla.suse.com/1153332 From sle-security-updates at lists.suse.com Wed Oct 16 13:20:34 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 Oct 2019 21:20:34 +0200 (CEST) Subject: SUSE-SU-2019:2686-1: moderate: Security update for libreoffice Message-ID: <20191016192034.23581F798@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2686-1 Rating: moderate References: #1149943 #1149944 Cross-References: CVE-2019-9854 CVE-2019-9855 Affected Products: SUSE Linux Enterprise Workstation Extension 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2686=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libreoffice-6.2.7.1-3.24.4 libreoffice-base-6.2.7.1-3.24.4 libreoffice-base-debuginfo-6.2.7.1-3.24.4 libreoffice-base-drivers-postgresql-6.2.7.1-3.24.4 libreoffice-base-drivers-postgresql-debuginfo-6.2.7.1-3.24.4 libreoffice-calc-6.2.7.1-3.24.4 libreoffice-calc-debuginfo-6.2.7.1-3.24.4 libreoffice-calc-extensions-6.2.7.1-3.24.4 libreoffice-debuginfo-6.2.7.1-3.24.4 libreoffice-debugsource-6.2.7.1-3.24.4 libreoffice-draw-6.2.7.1-3.24.4 libreoffice-draw-debuginfo-6.2.7.1-3.24.4 libreoffice-filters-optional-6.2.7.1-3.24.4 libreoffice-gnome-6.2.7.1-3.24.4 libreoffice-gnome-debuginfo-6.2.7.1-3.24.4 libreoffice-gtk3-6.2.7.1-3.24.4 libreoffice-gtk3-debuginfo-6.2.7.1-3.24.4 libreoffice-impress-6.2.7.1-3.24.4 libreoffice-impress-debuginfo-6.2.7.1-3.24.4 libreoffice-mailmerge-6.2.7.1-3.24.4 libreoffice-math-6.2.7.1-3.24.4 libreoffice-math-debuginfo-6.2.7.1-3.24.4 libreoffice-officebean-6.2.7.1-3.24.4 libreoffice-officebean-debuginfo-6.2.7.1-3.24.4 libreoffice-pyuno-6.2.7.1-3.24.4 libreoffice-pyuno-debuginfo-6.2.7.1-3.24.4 libreoffice-writer-6.2.7.1-3.24.4 libreoffice-writer-debuginfo-6.2.7.1-3.24.4 libreoffice-writer-extensions-6.2.7.1-3.24.4 libreofficekit-6.2.7.1-3.24.4 - SUSE Linux Enterprise Workstation Extension 15 (noarch): libreoffice-branding-upstream-6.2.7.1-3.24.4 libreoffice-icon-themes-6.2.7.1-3.24.4 libreoffice-l10n-af-6.2.7.1-3.24.4 libreoffice-l10n-ar-6.2.7.1-3.24.4 libreoffice-l10n-as-6.2.7.1-3.24.4 libreoffice-l10n-bg-6.2.7.1-3.24.4 libreoffice-l10n-bn-6.2.7.1-3.24.4 libreoffice-l10n-br-6.2.7.1-3.24.4 libreoffice-l10n-ca-6.2.7.1-3.24.4 libreoffice-l10n-cs-6.2.7.1-3.24.4 libreoffice-l10n-cy-6.2.7.1-3.24.4 libreoffice-l10n-da-6.2.7.1-3.24.4 libreoffice-l10n-de-6.2.7.1-3.24.4 libreoffice-l10n-dz-6.2.7.1-3.24.4 libreoffice-l10n-el-6.2.7.1-3.24.4 libreoffice-l10n-en-6.2.7.1-3.24.4 libreoffice-l10n-eo-6.2.7.1-3.24.4 libreoffice-l10n-es-6.2.7.1-3.24.4 libreoffice-l10n-et-6.2.7.1-3.24.4 libreoffice-l10n-eu-6.2.7.1-3.24.4 libreoffice-l10n-fa-6.2.7.1-3.24.4 libreoffice-l10n-fi-6.2.7.1-3.24.4 libreoffice-l10n-fr-6.2.7.1-3.24.4 libreoffice-l10n-ga-6.2.7.1-3.24.4 libreoffice-l10n-gl-6.2.7.1-3.24.4 libreoffice-l10n-gu-6.2.7.1-3.24.4 libreoffice-l10n-he-6.2.7.1-3.24.4 libreoffice-l10n-hi-6.2.7.1-3.24.4 libreoffice-l10n-hr-6.2.7.1-3.24.4 libreoffice-l10n-hu-6.2.7.1-3.24.4 libreoffice-l10n-it-6.2.7.1-3.24.4 libreoffice-l10n-ja-6.2.7.1-3.24.4 libreoffice-l10n-kk-6.2.7.1-3.24.4 libreoffice-l10n-kn-6.2.7.1-3.24.4 libreoffice-l10n-ko-6.2.7.1-3.24.4 libreoffice-l10n-lt-6.2.7.1-3.24.4 libreoffice-l10n-lv-6.2.7.1-3.24.4 libreoffice-l10n-mai-6.2.7.1-3.24.4 libreoffice-l10n-ml-6.2.7.1-3.24.4 libreoffice-l10n-mr-6.2.7.1-3.24.4 libreoffice-l10n-nb-6.2.7.1-3.24.4 libreoffice-l10n-nl-6.2.7.1-3.24.4 libreoffice-l10n-nn-6.2.7.1-3.24.4 libreoffice-l10n-nr-6.2.7.1-3.24.4 libreoffice-l10n-nso-6.2.7.1-3.24.4 libreoffice-l10n-or-6.2.7.1-3.24.4 libreoffice-l10n-pa-6.2.7.1-3.24.4 libreoffice-l10n-pl-6.2.7.1-3.24.4 libreoffice-l10n-pt_BR-6.2.7.1-3.24.4 libreoffice-l10n-pt_PT-6.2.7.1-3.24.4 libreoffice-l10n-ro-6.2.7.1-3.24.4 libreoffice-l10n-ru-6.2.7.1-3.24.4 libreoffice-l10n-si-6.2.7.1-3.24.4 libreoffice-l10n-sk-6.2.7.1-3.24.4 libreoffice-l10n-sl-6.2.7.1-3.24.4 libreoffice-l10n-sr-6.2.7.1-3.24.4 libreoffice-l10n-ss-6.2.7.1-3.24.4 libreoffice-l10n-st-6.2.7.1-3.24.4 libreoffice-l10n-sv-6.2.7.1-3.24.4 libreoffice-l10n-ta-6.2.7.1-3.24.4 libreoffice-l10n-te-6.2.7.1-3.24.4 libreoffice-l10n-th-6.2.7.1-3.24.4 libreoffice-l10n-tn-6.2.7.1-3.24.4 libreoffice-l10n-tr-6.2.7.1-3.24.4 libreoffice-l10n-ts-6.2.7.1-3.24.4 libreoffice-l10n-uk-6.2.7.1-3.24.4 libreoffice-l10n-ve-6.2.7.1-3.24.4 libreoffice-l10n-xh-6.2.7.1-3.24.4 libreoffice-l10n-zh_CN-6.2.7.1-3.24.4 libreoffice-l10n-zh_TW-6.2.7.1-3.24.4 libreoffice-l10n-zu-6.2.7.1-3.24.4 References: https://www.suse.com/security/cve/CVE-2019-9854.html https://www.suse.com/security/cve/CVE-2019-9855.html https://bugzilla.suse.com/1149943 https://bugzilla.suse.com/1149944 From sle-security-updates at lists.suse.com Wed Oct 16 13:17:35 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 Oct 2019 21:17:35 +0200 (CEST) Subject: SUSE-SU-2019:2687-1: moderate: Security update for mariadb-100 Message-ID: <20191016191735.30594F798@maintenance.suse.de> SUSE Security Update: Security update for mariadb-100 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2687-1 Rating: moderate References: #1132826 #1141798 Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for mariadb-100 fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2687=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2687=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2687=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2687=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libmysqlclient_r18-10.0.40.1-2.9.1 libmysqlclient_r18-32bit-10.0.40.1-2.9.1 mariadb-100-debuginfo-10.0.40.1-2.9.1 mariadb-100-debugsource-10.0.40.1-2.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.40.1-2.9.1 libmysqlclient_r18-10.0.40.1-2.9.1 libmysqld-devel-10.0.40.1-2.9.1 libmysqld18-10.0.40.1-2.9.1 libmysqld18-debuginfo-10.0.40.1-2.9.1 mariadb-100-debuginfo-10.0.40.1-2.9.1 mariadb-100-debugsource-10.0.40.1-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.40.1-2.9.1 libmysqlclient18-debuginfo-10.0.40.1-2.9.1 mariadb-100-debuginfo-10.0.40.1-2.9.1 mariadb-100-debugsource-10.0.40.1-2.9.1 mariadb-100-errormessages-10.0.40.1-2.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libmysqlclient18-32bit-10.0.40.1-2.9.1 libmysqlclient18-debuginfo-32bit-10.0.40.1-2.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmysqlclient18-10.0.40.1-2.9.1 libmysqlclient18-32bit-10.0.40.1-2.9.1 libmysqlclient18-debuginfo-10.0.40.1-2.9.1 libmysqlclient18-debuginfo-32bit-10.0.40.1-2.9.1 libmysqlclient_r18-10.0.40.1-2.9.1 libmysqlclient_r18-32bit-10.0.40.1-2.9.1 mariadb-100-debuginfo-10.0.40.1-2.9.1 mariadb-100-debugsource-10.0.40.1-2.9.1 mariadb-100-errormessages-10.0.40.1-2.9.1 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2737.html https://www.suse.com/security/cve/CVE-2019-2739.html https://www.suse.com/security/cve/CVE-2019-2740.html https://www.suse.com/security/cve/CVE-2019-2805.html https://bugzilla.suse.com/1132826 https://bugzilla.suse.com/1141798 From sle-security-updates at lists.suse.com Wed Oct 16 16:16:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Oct 2019 00:16:39 +0200 (CEST) Subject: SUSE-SU-2019:2702-1: moderate: Security update for gcc7 Message-ID: <20191016221639.15FB9F798@maintenance.suse.de> SUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2702-1 Rating: moderate References: #1071995 #1141897 #1142649 #1148517 #1149145 Cross-References: CVE-2019-14250 CVE-2019-15847 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2702=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2702=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2702=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.1+r275405-4.9.2 cross-arm-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-arm-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-i386-gcc7-7.4.1+r275405-4.9.2 cross-i386-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-i386-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-i386-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-m68k-gcc7-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-m68k-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-mips-gcc7-7.4.1+r275405-4.9.2 cross-mips-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-mips-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-mips-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-sparc-gcc7-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-sparcv9-gcc7-icecream-backend-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-go-7.4.1+r275405-4.9.2 gcc7-go-debuginfo-7.4.1+r275405-4.9.2 gcc7-obj-c++-7.4.1+r275405-4.9.2 gcc7-obj-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-testresults-7.4.1+r275405-4.9.2 libatomic1-gcc7-7.4.1+r275405-4.9.2 libatomic1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libgo11-7.4.1+r275405-4.9.2 libgo11-debuginfo-7.4.1+r275405-4.9.2 libgomp1-gcc7-7.4.1+r275405-4.9.2 libgomp1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libitm1-gcc7-7.4.1+r275405-4.9.2 libitm1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-7.4.1+r275405-4.9.2 libstdc++6-gcc7-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-locale-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): cross-s390x-gcc7-7.4.1+r275405-4.9.2 cross-s390x-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-s390x-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-s390x-gcc7-icecream-backend-7.4.1+r275405-4.9.2 liblsan0-gcc7-7.4.1+r275405-4.9.2 liblsan0-gcc7-debuginfo-7.4.1+r275405-4.9.2 libtsan0-gcc7-7.4.1+r275405-4.9.2 libtsan0-gcc7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): cross-x86_64-gcc7-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): cross-ppc64le-gcc7-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): cross-aarch64-gcc7-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): gcc7-ada-32bit-7.4.1+r275405-4.9.2 gcc7-go-32bit-7.4.1+r275405-4.9.2 gcc7-obj-c++-32bit-7.4.1+r275405-4.9.2 gcc7-objc-32bit-7.4.1+r275405-4.9.2 libada7-32bit-7.4.1+r275405-4.9.2 libada7-32bit-debuginfo-7.4.1+r275405-4.9.2 libatomic1-gcc7-32bit-7.4.1+r275405-4.9.2 libatomic1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-32bit-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libgo11-32bit-7.4.1+r275405-4.9.2 libgo11-32bit-debuginfo-7.4.1+r275405-4.9.2 libgomp1-gcc7-32bit-7.4.1+r275405-4.9.2 libgomp1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libitm1-gcc7-32bit-7.4.1+r275405-4.9.2 libitm1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libobjc4-32bit-7.4.1+r275405-4.9.2 libobjc4-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-32bit-7.4.1+r275405-4.9.2 libstdc++6-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmpx2-gcc7-32bit-7.4.1+r275405-4.9.2 libmpx2-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libmpx2-gcc7-7.4.1+r275405-4.9.2 libmpx2-gcc7-debuginfo-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-32bit-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-debuginfo-7.4.1+r275405-4.9.2 libquadmath0-gcc7-32bit-7.4.1+r275405-4.9.2 libquadmath0-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libquadmath0-gcc7-7.4.1+r275405-4.9.2 libquadmath0-gcc7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.1+r275405-4.9.2 cross-arm-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-arm-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-i386-gcc7-7.4.1+r275405-4.9.2 cross-i386-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-i386-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-i386-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-m68k-gcc7-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-m68k-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-mips-gcc7-7.4.1+r275405-4.9.2 cross-mips-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-mips-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-mips-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-sparc-gcc7-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-sparcv9-gcc7-icecream-backend-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-go-7.4.1+r275405-4.9.2 gcc7-go-debuginfo-7.4.1+r275405-4.9.2 gcc7-obj-c++-7.4.1+r275405-4.9.2 gcc7-obj-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-testresults-7.4.1+r275405-4.9.2 libgo11-7.4.1+r275405-4.9.2 libgo11-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x x86_64): gcc7-ada-32bit-7.4.1+r275405-4.9.2 gcc7-go-32bit-7.4.1+r275405-4.9.2 gcc7-obj-c++-32bit-7.4.1+r275405-4.9.2 gcc7-objc-32bit-7.4.1+r275405-4.9.2 libada7-32bit-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 libgo11-32bit-7.4.1+r275405-4.9.2 libobjc4-32bit-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x): gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.1+r275405-4.9.2 gcc7-ada-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-locale-7.4.1+r275405-4.9.2 gcc7-objc-7.4.1+r275405-4.9.2 gcc7-objc-debuginfo-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.4.1+r275405-4.9.2 cross-nvptx-newlib7-devel-7.4.1+r275405-4.9.2 gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libcilkrts5-32bit-7.4.1+r275405-4.9.2 libcilkrts5-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.1+r275405-4.9.2 gcc7-ada-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-locale-7.4.1+r275405-4.9.2 gcc7-objc-7.4.1+r275405-4.9.2 gcc7-objc-debuginfo-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): cross-nvptx-gcc7-7.4.1+r275405-4.9.2 cross-nvptx-newlib7-devel-7.4.1+r275405-4.9.2 gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libcilkrts5-32bit-7.4.1+r275405-4.9.2 libcilkrts5-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): gcc7-info-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.4.1+r275405-4.9.2 cpp7-debuginfo-7.4.1+r275405-4.9.2 gcc7-7.4.1+r275405-4.9.2 gcc7-c++-7.4.1+r275405-4.9.2 gcc7-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-fortran-7.4.1+r275405-4.9.2 gcc7-fortran-debuginfo-7.4.1+r275405-4.9.2 libasan4-7.4.1+r275405-4.9.2 libasan4-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-7.4.1+r275405-4.9.2 libgfortran4-debuginfo-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-7.4.1+r275405-4.9.2 libubsan0-7.4.1+r275405-4.9.2 libubsan0-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.4.1+r275405-4.9.2 libcilkrts5-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cpp7-7.4.1+r275405-4.9.2 cpp7-debuginfo-7.4.1+r275405-4.9.2 gcc7-7.4.1+r275405-4.9.2 gcc7-c++-7.4.1+r275405-4.9.2 gcc7-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-fortran-7.4.1+r275405-4.9.2 gcc7-fortran-debuginfo-7.4.1+r275405-4.9.2 libasan4-7.4.1+r275405-4.9.2 libasan4-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-7.4.1+r275405-4.9.2 libgfortran4-debuginfo-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-7.4.1+r275405-4.9.2 libubsan0-7.4.1+r275405-4.9.2 libubsan0-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcilkrts5-7.4.1+r275405-4.9.2 libcilkrts5-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-15847.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1141897 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1148517 https://bugzilla.suse.com/1149145 From sle-security-updates at lists.suse.com Thu Oct 17 10:14:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Oct 2019 18:14:09 +0200 (CEST) Subject: SUSE-SU-2019:2706-1: important: Security update for the Linux Kernel Message-ID: <20191017161409.A9C2DF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2706-1 Rating: important References: #1051510 #1054914 #1055117 #1061840 #1065600 #1065729 #1071995 #1082555 #1104967 #1109158 #1113722 #1114279 #1119086 #1123034 #1127988 #1131304 #1137069 #1137865 #1137959 #1140155 #1141013 #1142076 #1142635 #1146042 #1146519 #1146540 #1146664 #1148133 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150381 #1150423 #1151350 #1151610 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference, caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way the KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kabi: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kabi - kabi: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kabi - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2706=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2706=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2706=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2706=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2706=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2706=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-default-extra-4.12.14-150.38.1 kernel-default-extra-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.38.1 kernel-default-base-debuginfo-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-obs-qa-4.12.14-150.38.1 kselftests-kmp-default-4.12.14-150.38.1 kselftests-kmp-default-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 reiserfs-kmp-default-4.12.14-150.38.1 reiserfs-kmp-default-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.38.1 kernel-obs-build-debugsource-4.12.14-150.38.1 kernel-syms-4.12.14-150.38.1 kernel-vanilla-base-4.12.14-150.38.1 kernel-vanilla-base-debuginfo-4.12.14-150.38.1 kernel-vanilla-debuginfo-4.12.14-150.38.1 kernel-vanilla-debugsource-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.38.1 kernel-source-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.38.1 kernel-default-base-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-default-devel-4.12.14-150.38.1 kernel-default-devel-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.38.1 kernel-macros-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.38.1 kernel-zfcpdump-4.12.14-150.38.1 kernel-zfcpdump-debuginfo-4.12.14-150.38.1 kernel-zfcpdump-debugsource-4.12.14-150.38.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.38.1 cluster-md-kmp-default-debuginfo-4.12.14-150.38.1 dlm-kmp-default-4.12.14-150.38.1 dlm-kmp-default-debuginfo-4.12.14-150.38.1 gfs2-kmp-default-4.12.14-150.38.1 gfs2-kmp-default-debuginfo-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 ocfs2-kmp-default-4.12.14-150.38.1 ocfs2-kmp-default-debuginfo-4.12.14-150.38.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Thu Oct 17 10:23:15 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Oct 2019 18:23:15 +0200 (CEST) Subject: SUSE-SU-2019:2706-1: important: Security update for the Linux Kernel Message-ID: <20191017162315.E47E2F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2706-1 Rating: important References: #1051510 #1054914 #1055117 #1061840 #1065600 #1065729 #1071995 #1082555 #1104967 #1109158 #1113722 #1114279 #1119086 #1123034 #1127988 #1131304 #1137069 #1137865 #1137959 #1140155 #1141013 #1142076 #1142635 #1146042 #1146519 #1146540 #1146664 #1148133 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150381 #1150423 #1151350 #1151610 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference, caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way the KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kabi: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kabi - kabi: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kabi - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2706=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2706=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2706=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2706=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2706=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2706=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2706=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-default-extra-4.12.14-150.38.1 kernel-default-extra-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.38.1 kernel-default-base-debuginfo-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-obs-qa-4.12.14-150.38.1 kselftests-kmp-default-4.12.14-150.38.1 kselftests-kmp-default-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-default-livepatch-4.12.14-150.38.1 kernel-livepatch-4_12_14-150_38-default-1-1.3.1 kernel-livepatch-4_12_14-150_38-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 reiserfs-kmp-default-4.12.14-150.38.1 reiserfs-kmp-default-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.38.1 kernel-obs-build-debugsource-4.12.14-150.38.1 kernel-syms-4.12.14-150.38.1 kernel-vanilla-base-4.12.14-150.38.1 kernel-vanilla-base-debuginfo-4.12.14-150.38.1 kernel-vanilla-debuginfo-4.12.14-150.38.1 kernel-vanilla-debugsource-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.38.1 kernel-source-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.38.1 kernel-default-base-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 kernel-default-devel-4.12.14-150.38.1 kernel-default-devel-debuginfo-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.38.1 kernel-macros-4.12.14-150.38.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.38.1 kernel-zfcpdump-4.12.14-150.38.1 kernel-zfcpdump-debuginfo-4.12.14-150.38.1 kernel-zfcpdump-debugsource-4.12.14-150.38.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.38.1 cluster-md-kmp-default-debuginfo-4.12.14-150.38.1 dlm-kmp-default-4.12.14-150.38.1 dlm-kmp-default-debuginfo-4.12.14-150.38.1 gfs2-kmp-default-4.12.14-150.38.1 gfs2-kmp-default-debuginfo-4.12.14-150.38.1 kernel-default-debuginfo-4.12.14-150.38.1 kernel-default-debugsource-4.12.14-150.38.1 ocfs2-kmp-default-4.12.14-150.38.1 ocfs2-kmp-default-debuginfo-4.12.14-150.38.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Thu Oct 17 13:11:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Oct 2019 21:11:38 +0200 (CEST) Subject: SUSE-SU-2019:2707-1: important: Security update for postgresql10 Message-ID: <20191017191138.4B521F798@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2707-1 Rating: important References: #1145092 Cross-References: CVE-2019-10208 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2707=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2707=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2707=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libecpg6-10.10-8.6.1 libecpg6-debuginfo-10.10-8.6.1 postgresql10-contrib-10.10-8.6.1 postgresql10-contrib-debuginfo-10.10-8.6.1 postgresql10-debuginfo-10.10-8.6.1 postgresql10-debugsource-10.10-8.6.1 postgresql10-devel-10.10-8.6.1 postgresql10-devel-debuginfo-10.10-8.6.1 postgresql10-plperl-10.10-8.6.1 postgresql10-plperl-debuginfo-10.10-8.6.1 postgresql10-plpython-10.10-8.6.1 postgresql10-plpython-debuginfo-10.10-8.6.1 postgresql10-pltcl-10.10-8.6.1 postgresql10-pltcl-debuginfo-10.10-8.6.1 postgresql10-server-10.10-8.6.1 postgresql10-server-debuginfo-10.10-8.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql10-docs-10.10-8.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-debuginfo-10.10-8.6.1 postgresql10-debugsource-10.10-8.6.1 postgresql10-test-10.10-8.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libecpg6-32bit-10.10-8.6.1 libecpg6-32bit-debuginfo-10.10-8.6.1 libpq5-32bit-10.10-8.6.1 libpq5-32bit-debuginfo-10.10-8.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpq5-10.10-8.6.1 libpq5-debuginfo-10.10-8.6.1 postgresql10-10.10-8.6.1 postgresql10-debuginfo-10.10-8.6.1 postgresql10-debugsource-10.10-8.6.1 References: https://www.suse.com/security/cve/CVE-2019-10208.html https://bugzilla.suse.com/1145092 From sle-security-updates at lists.suse.com Fri Oct 18 07:11:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 15:11:20 +0200 (CEST) Subject: SUSE-SU-2019:2710-1: important: Security update for the Linux Kernel Message-ID: <20191018131120.8F6A9F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2710-1 Rating: important References: #1051510 #1054914 #1055117 #1061840 #1065600 #1065729 #1071995 #1082555 #1104967 #1109158 #1111666 #1113722 #1114279 #1119086 #1123034 #1127988 #1131304 #1137069 #1137865 #1137959 #1137982 #1140155 #1141013 #1142076 #1142635 #1146042 #1146519 #1146540 #1146664 #1148133 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150305 #1150381 #1150423 #1150846 #1151067 #1151192 #1151350 #1151610 #1151661 #1151662 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152187 #1152243 #1152325 #1152457 #1152460 #1152466 #1152525 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 60 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_request_completed() (bsc#1149446). - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - Compile nvme.ko as module (bsc#1150846) - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - floppy: fix usercopy direction (bsc#1111666). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666). - i40e: Add support for X710 device (bsc#1151067). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu: Do not use sme_active() in generic code (bsc#1151661). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - KABI protect struct vmem_altmap (bsc#1150305). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305). - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982). - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme-rdma: use dynamic dma mapping per command (bsc#1149446). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-tcp: fix timeout handler (bsc#1149446). - nvme: wait until all completed request's complete fn is called (bsc#1149446). - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525). - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525). - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - rtlwifi: Fix file release memory leak (bsc#1111666). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (bsc#1051510). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666). - tun: fix use-after-free when register netdev failed (bsc#1111666). - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - vhost/test: fix build for vhost test (bsc#1111666). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - wcn36xx: use dynamic allocation for large variables (bsc#1111666). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xsk: avoid store-tearing when assigning queues (bsc#1111666). - xsk: avoid store-tearing when assigning umem (bsc#1111666). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2710=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2710=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-default-extra-4.12.14-197.21.1 kernel-default-extra-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-obs-qa-4.12.14-197.21.1 kernel-vanilla-4.12.14-197.21.1 kernel-vanilla-base-4.12.14-197.21.1 kernel-vanilla-base-debuginfo-4.12.14-197.21.1 kernel-vanilla-debuginfo-4.12.14-197.21.1 kernel-vanilla-debugsource-4.12.14-197.21.1 kernel-vanilla-devel-4.12.14-197.21.1 kernel-vanilla-devel-debuginfo-4.12.14-197.21.1 kernel-vanilla-livepatch-devel-4.12.14-197.21.1 kselftests-kmp-default-4.12.14-197.21.1 kselftests-kmp-default-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.21.1 kernel-debug-base-4.12.14-197.21.1 kernel-debug-base-debuginfo-4.12.14-197.21.1 kernel-debug-debuginfo-4.12.14-197.21.1 kernel-debug-debugsource-4.12.14-197.21.1 kernel-debug-devel-4.12.14-197.21.1 kernel-debug-devel-debuginfo-4.12.14-197.21.1 kernel-debug-livepatch-devel-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.21.1 dtb-allwinner-4.12.14-197.21.1 dtb-altera-4.12.14-197.21.1 dtb-amd-4.12.14-197.21.1 dtb-amlogic-4.12.14-197.21.1 dtb-apm-4.12.14-197.21.1 dtb-arm-4.12.14-197.21.1 dtb-broadcom-4.12.14-197.21.1 dtb-cavium-4.12.14-197.21.1 dtb-exynos-4.12.14-197.21.1 dtb-freescale-4.12.14-197.21.1 dtb-hisilicon-4.12.14-197.21.1 dtb-lg-4.12.14-197.21.1 dtb-marvell-4.12.14-197.21.1 dtb-mediatek-4.12.14-197.21.1 dtb-nvidia-4.12.14-197.21.1 dtb-qcom-4.12.14-197.21.1 dtb-renesas-4.12.14-197.21.1 dtb-rockchip-4.12.14-197.21.1 dtb-socionext-4.12.14-197.21.1 dtb-sprd-4.12.14-197.21.1 dtb-xilinx-4.12.14-197.21.1 dtb-zte-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.21.1 kernel-kvmsmall-base-4.12.14-197.21.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-debugsource-4.12.14-197.21.1 kernel-kvmsmall-devel-4.12.14-197.21.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.21.1 kernel-source-vanilla-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.21.1 kernel-zfcpdump-debugsource-4.12.14-197.21.1 kernel-zfcpdump-man-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 reiserfs-kmp-default-4.12.14-197.21.1 reiserfs-kmp-default-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.21.1 kernel-obs-build-debugsource-4.12.14-197.21.1 kernel-syms-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.21.1 kernel-source-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.21.1 kernel-default-base-4.12.14-197.21.1 kernel-default-base-debuginfo-4.12.14-197.21.1 kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-default-devel-4.12.14-197.21.1 kernel-default-devel-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.21.1 kernel-macros-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.21.1 kernel-zfcpdump-4.12.14-197.21.1 kernel-zfcpdump-debuginfo-4.12.14-197.21.1 kernel-zfcpdump-debugsource-4.12.14-197.21.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.21.1 cluster-md-kmp-default-debuginfo-4.12.14-197.21.1 dlm-kmp-default-4.12.14-197.21.1 dlm-kmp-default-debuginfo-4.12.14-197.21.1 gfs2-kmp-default-4.12.14-197.21.1 gfs2-kmp-default-debuginfo-4.12.14-197.21.1 kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 ocfs2-kmp-default-4.12.14-197.21.1 ocfs2-kmp-default-debuginfo-4.12.14-197.21.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1137982 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150305 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150846 https://bugzilla.suse.com/1151067 https://bugzilla.suse.com/1151192 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151661 https://bugzilla.suse.com/1151662 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152187 https://bugzilla.suse.com/1152243 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152525 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Fri Oct 18 07:21:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 15:21:47 +0200 (CEST) Subject: SUSE-SU-2019:2710-1: important: Security update for the Linux Kernel Message-ID: <20191018132147.1F8FBF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2710-1 Rating: important References: #1051510 #1054914 #1055117 #1061840 #1065600 #1065729 #1071995 #1082555 #1104967 #1109158 #1111666 #1113722 #1114279 #1119086 #1123034 #1127988 #1131304 #1137069 #1137865 #1137959 #1137982 #1140155 #1141013 #1142076 #1142635 #1146042 #1146519 #1146540 #1146664 #1148133 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150305 #1150381 #1150423 #1150846 #1151067 #1151192 #1151350 #1151610 #1151661 #1151662 #1151667 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152187 #1152243 #1152325 #1152457 #1152460 #1152466 #1152525 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 60 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_request_completed() (bsc#1149446). - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - Compile nvme.ko as module (bsc#1150846) - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - floppy: fix usercopy direction (bsc#1111666). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666). - i40e: Add support for X710 device (bsc#1151067). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu: Do not use sme_active() in generic code (bsc#1151661). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - KABI protect struct vmem_altmap (bsc#1150305). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305). - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982). - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme-rdma: use dynamic dma mapping per command (bsc#1149446). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-tcp: fix timeout handler (bsc#1149446). - nvme: wait until all completed request's complete fn is called (bsc#1149446). - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525). - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525). - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - rtlwifi: Fix file release memory leak (bsc#1111666). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (bsc#1051510). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666). - tun: fix use-after-free when register netdev failed (bsc#1111666). - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - vhost/test: fix build for vhost test (bsc#1111666). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - wcn36xx: use dynamic allocation for large variables (bsc#1111666). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xsk: avoid store-tearing when assigning queues (bsc#1111666). - xsk: avoid store-tearing when assigning umem (bsc#1111666). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2710=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2710=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2710=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-default-extra-4.12.14-197.21.1 kernel-default-extra-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-obs-qa-4.12.14-197.21.1 kernel-vanilla-4.12.14-197.21.1 kernel-vanilla-base-4.12.14-197.21.1 kernel-vanilla-base-debuginfo-4.12.14-197.21.1 kernel-vanilla-debuginfo-4.12.14-197.21.1 kernel-vanilla-debugsource-4.12.14-197.21.1 kernel-vanilla-devel-4.12.14-197.21.1 kernel-vanilla-devel-debuginfo-4.12.14-197.21.1 kernel-vanilla-livepatch-devel-4.12.14-197.21.1 kselftests-kmp-default-4.12.14-197.21.1 kselftests-kmp-default-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.21.1 kernel-debug-base-4.12.14-197.21.1 kernel-debug-base-debuginfo-4.12.14-197.21.1 kernel-debug-debuginfo-4.12.14-197.21.1 kernel-debug-debugsource-4.12.14-197.21.1 kernel-debug-devel-4.12.14-197.21.1 kernel-debug-devel-debuginfo-4.12.14-197.21.1 kernel-debug-livepatch-devel-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.21.1 dtb-allwinner-4.12.14-197.21.1 dtb-altera-4.12.14-197.21.1 dtb-amd-4.12.14-197.21.1 dtb-amlogic-4.12.14-197.21.1 dtb-apm-4.12.14-197.21.1 dtb-arm-4.12.14-197.21.1 dtb-broadcom-4.12.14-197.21.1 dtb-cavium-4.12.14-197.21.1 dtb-exynos-4.12.14-197.21.1 dtb-freescale-4.12.14-197.21.1 dtb-hisilicon-4.12.14-197.21.1 dtb-lg-4.12.14-197.21.1 dtb-marvell-4.12.14-197.21.1 dtb-mediatek-4.12.14-197.21.1 dtb-nvidia-4.12.14-197.21.1 dtb-qcom-4.12.14-197.21.1 dtb-renesas-4.12.14-197.21.1 dtb-rockchip-4.12.14-197.21.1 dtb-socionext-4.12.14-197.21.1 dtb-sprd-4.12.14-197.21.1 dtb-xilinx-4.12.14-197.21.1 dtb-zte-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.21.1 kernel-source-vanilla-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.21.1 kernel-kvmsmall-base-4.12.14-197.21.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-debugsource-4.12.14-197.21.1 kernel-kvmsmall-devel-4.12.14-197.21.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.21.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.21.1 kernel-zfcpdump-debugsource-4.12.14-197.21.1 kernel-zfcpdump-man-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-default-livepatch-4.12.14-197.21.1 kernel-default-livepatch-devel-4.12.14-197.21.1 kernel-livepatch-4_12_14-197_21-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 reiserfs-kmp-default-4.12.14-197.21.1 reiserfs-kmp-default-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.21.1 kernel-obs-build-debugsource-4.12.14-197.21.1 kernel-syms-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.21.1 kernel-source-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.21.1 kernel-default-base-4.12.14-197.21.1 kernel-default-base-debuginfo-4.12.14-197.21.1 kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 kernel-default-devel-4.12.14-197.21.1 kernel-default-devel-debuginfo-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.21.1 kernel-macros-4.12.14-197.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.21.1 kernel-zfcpdump-4.12.14-197.21.1 kernel-zfcpdump-debuginfo-4.12.14-197.21.1 kernel-zfcpdump-debugsource-4.12.14-197.21.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.21.1 cluster-md-kmp-default-debuginfo-4.12.14-197.21.1 dlm-kmp-default-4.12.14-197.21.1 dlm-kmp-default-debuginfo-4.12.14-197.21.1 gfs2-kmp-default-4.12.14-197.21.1 gfs2-kmp-default-debuginfo-4.12.14-197.21.1 kernel-default-debuginfo-4.12.14-197.21.1 kernel-default-debugsource-4.12.14-197.21.1 ocfs2-kmp-default-4.12.14-197.21.1 ocfs2-kmp-default-debuginfo-4.12.14-197.21.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1137982 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150305 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150846 https://bugzilla.suse.com/1151067 https://bugzilla.suse.com/1151192 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151661 https://bugzilla.suse.com/1151662 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152187 https://bugzilla.suse.com/1152243 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152525 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Fri Oct 18 13:16:44 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 21:16:44 +0200 (CEST) Subject: SUSE-SU-2019:2719-1: moderate: Security update for python-xdg Message-ID: <20191018191644.ED3A0F798@maintenance.suse.de> SUSE Security Update: Security update for python-xdg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2719-1 Rating: moderate References: #859835 Cross-References: CVE-2014-1624 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-xdg fixes the following issues: Security issue fixed: - CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2719=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2719=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): python-xdg-0.25-9.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): python-xdg-0.25-9.3.1 References: https://www.suse.com/security/cve/CVE-2014-1624.html https://bugzilla.suse.com/859835 From sle-security-updates at lists.suse.com Fri Oct 18 13:21:14 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 21:21:14 +0200 (CEST) Subject: SUSE-SU-2019:2462-2: moderate: Security update for python-numpy Message-ID: <20191018192114.11D53F798@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2462-2 Rating: moderate References: #1149203 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Non-security issues fixed: - Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2462=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2462=1 - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2019-2462=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2462=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.16.1-4.8.1 python-numpy-debugsource-1.16.1-4.8.1 python2-numpy-1.16.1-4.8.1 python2-numpy-debuginfo-1.16.1-4.8.1 python2-numpy-devel-1.16.1-4.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x): python2-numpy-gnu-hpc-1.16.1-4.8.1 python2-numpy-gnu-hpc-devel-1.16.1-4.8.1 python3-numpy-gnu-hpc-1.16.1-4.8.1 python3-numpy-gnu-hpc-devel-1.16.1-4.8.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): python2-numpy-gnu-hpc-1.16.1-4.8.1 python2-numpy-gnu-hpc-devel-1.16.1-4.8.1 python3-numpy-gnu-hpc-1.16.1-4.8.1 python3-numpy-gnu-hpc-devel-1.16.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.16.1-4.8.1 python-numpy-debugsource-1.16.1-4.8.1 python3-numpy-1.16.1-4.8.1 python3-numpy-debuginfo-1.16.1-4.8.1 python3-numpy-devel-1.16.1-4.8.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1149203 From sle-security-updates at lists.suse.com Fri Oct 18 13:22:01 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 21:22:01 +0200 (CEST) Subject: SUSE-SU-2019:14193-1: important: Security update for sudo Message-ID: <20191018192201.8869EF798@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14193-1 Rating: important References: #1153674 Cross-References: CVE-2019-14287 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-sudo-14193=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-sudo-14193=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sudo-14193=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sudo-14193=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): sudo-1.7.6p2-0.30.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): sudo-1.7.6p2-0.30.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): sudo-debuginfo-1.7.6p2-0.30.5.1 sudo-debugsource-1.7.6p2-0.30.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): sudo-debuginfo-1.7.6p2-0.30.5.1 sudo-debugsource-1.7.6p2-0.30.5.1 References: https://www.suse.com/security/cve/CVE-2019-14287.html https://bugzilla.suse.com/1153674 From sle-security-updates at lists.suse.com Fri Oct 18 13:22:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Oct 2019 21:22:48 +0200 (CEST) Subject: SUSE-SU-2019:1353-2: moderate: Security update for bluez Message-ID: <20191018192248.ACC56F798@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1353-2 Rating: moderate References: #1013708 #1013712 #1013893 #1015171 Cross-References: CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1353=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1353=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-1353=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1353=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): bluez-cups-5.48-5.16.1 bluez-cups-debuginfo-5.48-5.16.1 bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 bluez-test-5.48-5.16.1 bluez-test-debuginfo-5.48-5.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): bluez-auto-enable-devices-5.48-5.16.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): bluez-devel-32bit-5.48-5.16.1 libbluetooth3-32bit-5.48-5.16.1 libbluetooth3-32bit-debuginfo-5.48-5.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-5.48-5.16.1 bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 bluez-devel-5.48-5.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-5.16.1 bluez-debugsource-5.48-5.16.1 libbluetooth3-5.48-5.16.1 libbluetooth3-debuginfo-5.48-5.16.1 References: https://www.suse.com/security/cve/CVE-2016-9797.html https://www.suse.com/security/cve/CVE-2016-9798.html https://www.suse.com/security/cve/CVE-2016-9802.html https://www.suse.com/security/cve/CVE-2016-9917.html https://bugzilla.suse.com/1013708 https://bugzilla.suse.com/1013712 https://bugzilla.suse.com/1013893 https://bugzilla.suse.com/1015171 From sle-security-updates at lists.suse.com Mon Oct 21 10:12:35 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 21 Oct 2019 18:12:35 +0200 (CEST) Subject: SUSE-SU-2019:2727-1: moderate: Security update for dhcp Message-ID: <20191021161235.07834F798@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2727-1 Rating: moderate References: #1089524 #1134078 #1136572 Cross-References: CVE-2019-6470 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2727=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2727=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2727=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.3-10.19.1 dhcp-debugsource-4.3.3-10.19.1 dhcp-devel-4.3.3-10.19.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dhcp-4.3.3-10.19.1 dhcp-client-4.3.3-10.19.1 dhcp-client-debuginfo-4.3.3-10.19.1 dhcp-debuginfo-4.3.3-10.19.1 dhcp-debugsource-4.3.3-10.19.1 dhcp-relay-4.3.3-10.19.1 dhcp-relay-debuginfo-4.3.3-10.19.1 dhcp-server-4.3.3-10.19.1 dhcp-server-debuginfo-4.3.3-10.19.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dhcp-4.3.3-10.19.1 dhcp-client-4.3.3-10.19.1 dhcp-client-debuginfo-4.3.3-10.19.1 dhcp-debuginfo-4.3.3-10.19.1 dhcp-debugsource-4.3.3-10.19.1 - SUSE CaaS Platform 3.0 (x86_64): dhcp-4.3.3-10.19.1 dhcp-client-4.3.3-10.19.1 dhcp-client-debuginfo-4.3.3-10.19.1 References: https://www.suse.com/security/cve/CVE-2019-6470.html https://bugzilla.suse.com/1089524 https://bugzilla.suse.com/1134078 https://bugzilla.suse.com/1136572 From sle-security-updates at lists.suse.com Mon Oct 21 13:12:26 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 21 Oct 2019 21:12:26 +0200 (CEST) Subject: SUSE-SU-2019:2730-1: important: Security update for procps Message-ID: <20191021191226.57092F798@maintenance.suse.de> SUSE Security Update: Security update for procps ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2730-1 Rating: important References: #1092100 #1121753 Cross-References: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert "Support running with child namespaces" * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2730=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2730=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-7.7.26 libprocps7-debuginfo-3.3.15-7.7.26 procps-3.3.15-7.7.26 procps-debuginfo-3.3.15-7.7.26 procps-debugsource-3.3.15-7.7.26 procps-devel-3.3.15-7.7.26 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-7.7.26 libprocps7-debuginfo-3.3.15-7.7.26 procps-3.3.15-7.7.26 procps-debuginfo-3.3.15-7.7.26 procps-debugsource-3.3.15-7.7.26 procps-devel-3.3.15-7.7.26 References: https://www.suse.com/security/cve/CVE-2018-1122.html https://www.suse.com/security/cve/CVE-2018-1123.html https://www.suse.com/security/cve/CVE-2018-1124.html https://www.suse.com/security/cve/CVE-2018-1125.html https://www.suse.com/security/cve/CVE-2018-1126.html https://bugzilla.suse.com/1092100 https://bugzilla.suse.com/1121753 From sle-security-updates at lists.suse.com Tue Oct 22 07:11:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 15:11:42 +0200 (CEST) Subject: SUSE-SU-2019:2737-1: moderate: Security update for openconnect Message-ID: <20191022131142.ED69FF798@maintenance.suse.de> SUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2737-1 Rating: moderate References: #1151178 Cross-References: CVE-2019-16239 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2737=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2737=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2737=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2737=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): openconnect-lang-7.08-6.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): openconnect-7.08-6.3.1 openconnect-debuginfo-7.08-6.3.1 openconnect-debugsource-7.08-6.3.1 openconnect-devel-7.08-6.3.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): openconnect-7.08-6.3.1 openconnect-debuginfo-7.08-6.3.1 openconnect-debugsource-7.08-6.3.1 openconnect-devel-7.08-6.3.1 - SUSE Linux Enterprise Workstation Extension 15 (noarch): openconnect-lang-7.08-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openconnect-debuginfo-7.08-6.3.1 openconnect-debugsource-7.08-6.3.1 openconnect-doc-7.08-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openconnect-debuginfo-7.08-6.3.1 openconnect-debugsource-7.08-6.3.1 openconnect-doc-7.08-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-16239.html https://bugzilla.suse.com/1151178 From sle-security-updates at lists.suse.com Tue Oct 22 07:12:23 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 15:12:23 +0200 (CEST) Subject: SUSE-SU-2019:2736-1: moderate: Security update for ceph, ceph-iscsi, ses-manual_en Message-ID: <20191022131223.B3C15F798@maintenance.suse.de> SUSE Security Update: Security update for ceph, ceph-iscsi, ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2736-1 Rating: moderate References: #1132767 #1134444 #1135584 #1137503 #1140491 #1141174 #1145093 #1145617 #1145618 #1145759 #1146656 #1147132 #1149093 #1150406 #1151439 #1151990 #1151991 #1151992 #1151993 #1151994 #1151995 #1152002 Cross-References: CVE-2019-10222 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has 21 fixes is now available. Description: This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues: Security issues fixed: - CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. (bsc#1145093) Non-security issues-fixed: - ceph-volume: prints errors to stdout with --format json (bsc#1132767) - mgr/dashboard: Changing rgw-api-host does not get effective without disable/enable dashboard mgr module (bsc#1137503) - mgr/dashboard: Silence Alertmanager alerts (bsc#1141174) - mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759) - librbd: always try to acquire exclusive lock when removing image (bsc#1149093) - The no{up,down,in,out} related commands have been revamped (bsc#1151990) - radosgw-admin gets two new subcommands for managing expire-stale objects. (bsc#1151991) - Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 breaks pool utilization stats reported by ceph df (bsc#1151992) - Ceph cluster will no longer issue a health warning if CRUSH tunables are older than "hammer" (bsc#1151993) - Nautilus-based librbd clients can not open images on Jewel clusters (bsc#1151994) - The RGW num_rados_handles has been removed in Ceph 14.2.3 (bsc#1151995) - "osd_deep_scrub_large_omap_object_key_threshold" has been lowered in Nautilus 14.2.3 (bsc#1152002) - Support iSCSI target-level CHAP authentication (bsc#1145617) - Validation and render of iSCSI controls based "type" (bsc#1140491) - Fix error editing iSCSI image advanced settings (bsc#1146656) - Fix error during iSCSI target edit Fixes in ses-manual_en: - Added a new chapter with changelogs of Ceph releases. (bsc#1135584) - Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444) - Improved name of CaaSP to its fuller version. (bsc#1151439) - Verify which OSD's are going to be removed before running stage.5. (bsc#1150406) - Added two additional steps to recovering an OSD. (bsc#1147132) Fixes in ceph-iscsi: - Validate kernel LIO controls type and value (bsc#1140491) - TPG lun_id persistence (bsc#1145618) - Target level CHAP authentication (bsc#1145617) ceph-iscsi was updated to the upstream 3.2 release: - Always use host FQDN instead of shortname - Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2736=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2736=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2736=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-14.2.4.373+gc3e67ed133-3.19.1 ceph-base-14.2.4.373+gc3e67ed133-3.19.1 ceph-base-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1 ceph-fuse-14.2.4.373+gc3e67ed133-3.19.1 ceph-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mds-14.2.4.373+gc3e67ed133-3.19.1 ceph-mds-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mon-14.2.4.373+gc3e67ed133-3.19.1 ceph-mon-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-osd-14.2.4.373+gc3e67ed133-3.19.1 ceph-osd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-radosgw-14.2.4.373+gc3e67ed133-3.19.1 ceph-radosgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 cephfs-shell-14.2.4.373+gc3e67ed133-3.19.1 rbd-fuse-14.2.4.373+gc3e67ed133-3.19.1 rbd-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rbd-mirror-14.2.4.373+gc3e67ed133-3.19.1 rbd-mirror-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rbd-nbd-14.2.4.373+gc3e67ed133-3.19.1 rbd-nbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ceph-grafana-dashboards-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-dashboard-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-diskprediction-cloud-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-diskprediction-local-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-rook-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-ssh-14.2.4.373+gc3e67ed133-3.19.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ceph-test-14.2.4.373+gc3e67ed133-3.19.1 ceph-test-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-test-debugsource-14.2.4.373+gc3e67ed133-3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.4.373+gc3e67ed133-3.19.1 ceph-common-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1 libcephfs-devel-14.2.4.373+gc3e67ed133-3.19.1 libcephfs2-14.2.4.373+gc3e67ed133-3.19.1 libcephfs2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librados-devel-14.2.4.373+gc3e67ed133-3.19.1 librados-devel-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librados2-14.2.4.373+gc3e67ed133-3.19.1 librados2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 libradospp-devel-14.2.4.373+gc3e67ed133-3.19.1 librbd-devel-14.2.4.373+gc3e67ed133-3.19.1 librbd1-14.2.4.373+gc3e67ed133-3.19.1 librbd1-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librgw-devel-14.2.4.373+gc3e67ed133-3.19.1 librgw2-14.2.4.373+gc3e67ed133-3.19.1 librgw2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-ceph-argparse-14.2.4.373+gc3e67ed133-3.19.1 python3-cephfs-14.2.4.373+gc3e67ed133-3.19.1 python3-cephfs-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rados-14.2.4.373+gc3e67ed133-3.19.1 python3-rados-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rbd-14.2.4.373+gc3e67ed133-3.19.1 python3-rbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rgw-14.2.4.373+gc3e67ed133-3.19.1 python3-rgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rados-objclass-devel-14.2.4.373+gc3e67ed133-3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.4.373+gc3e67ed133-3.19.1 ceph-base-14.2.4.373+gc3e67ed133-3.19.1 ceph-base-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-common-14.2.4.373+gc3e67ed133-3.19.1 ceph-common-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1 ceph-fuse-14.2.4.373+gc3e67ed133-3.19.1 ceph-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mds-14.2.4.373+gc3e67ed133-3.19.1 ceph-mds-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-mon-14.2.4.373+gc3e67ed133-3.19.1 ceph-mon-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-osd-14.2.4.373+gc3e67ed133-3.19.1 ceph-osd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 ceph-radosgw-14.2.4.373+gc3e67ed133-3.19.1 ceph-radosgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 cephfs-shell-14.2.4.373+gc3e67ed133-3.19.1 libcephfs2-14.2.4.373+gc3e67ed133-3.19.1 libcephfs2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librados2-14.2.4.373+gc3e67ed133-3.19.1 librados2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librbd1-14.2.4.373+gc3e67ed133-3.19.1 librbd1-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 librgw2-14.2.4.373+gc3e67ed133-3.19.1 librgw2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-ceph-argparse-14.2.4.373+gc3e67ed133-3.19.1 python3-cephfs-14.2.4.373+gc3e67ed133-3.19.1 python3-cephfs-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rados-14.2.4.373+gc3e67ed133-3.19.1 python3-rados-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rbd-14.2.4.373+gc3e67ed133-3.19.1 python3-rbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 python3-rgw-14.2.4.373+gc3e67ed133-3.19.1 python3-rgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rbd-fuse-14.2.4.373+gc3e67ed133-3.19.1 rbd-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rbd-mirror-14.2.4.373+gc3e67ed133-3.19.1 rbd-mirror-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 rbd-nbd-14.2.4.373+gc3e67ed133-3.19.1 rbd-nbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.4.373+gc3e67ed133-3.19.1 ceph-iscsi-3.3+1570532654.g93940a4-3.5.1 ceph-mgr-dashboard-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-diskprediction-local-14.2.4.373+gc3e67ed133-3.19.1 ceph-mgr-rook-14.2.4.373+gc3e67ed133-3.19.1 ceph-prometheus-alerts-14.2.4.373+gc3e67ed133-3.19.1 ses-admin_en-pdf-6+git145.1558531-3.15.1 ses-deployment_en-pdf-6+git145.1558531-3.15.1 ses-manual_en-6+git145.1558531-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-10222.html https://bugzilla.suse.com/1132767 https://bugzilla.suse.com/1134444 https://bugzilla.suse.com/1135584 https://bugzilla.suse.com/1137503 https://bugzilla.suse.com/1140491 https://bugzilla.suse.com/1141174 https://bugzilla.suse.com/1145093 https://bugzilla.suse.com/1145617 https://bugzilla.suse.com/1145618 https://bugzilla.suse.com/1145759 https://bugzilla.suse.com/1146656 https://bugzilla.suse.com/1147132 https://bugzilla.suse.com/1149093 https://bugzilla.suse.com/1150406 https://bugzilla.suse.com/1151439 https://bugzilla.suse.com/1151990 https://bugzilla.suse.com/1151991 https://bugzilla.suse.com/1151992 https://bugzilla.suse.com/1151993 https://bugzilla.suse.com/1151994 https://bugzilla.suse.com/1151995 https://bugzilla.suse.com/1152002 From sle-security-updates at lists.suse.com Tue Oct 22 10:11:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 18:11:38 +0200 (CEST) Subject: SUSE-SU-2019:2738-1: important: Security update for the Linux Kernel Message-ID: <20191022161138.4F6BDF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2738-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1082635 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1103990 #1104353 #1104427 #1104745 #1104902 #1106061 #1106284 #1106434 #1108382 #1109837 #1111666 #1112178 #1112374 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1113994 #1114279 #1114542 #1118689 #1119086 #1119113 #1120046 #1120876 #1120902 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131489 #1131565 #1132426 #1133021 #1134291 #1134476 #1134881 #1134882 #1135219 #1135642 #1135897 #1135990 #1136039 #1136261 #1136346 #1136349 #1136352 #1136496 #1136498 #1136502 #1136682 #1137322 #1137323 #1137884 #1138099 #1138100 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141340 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143331 #1143466 #1143706 #1143738 #1143765 #1143841 #1143843 #1143962 #1144123 #1144333 #1144375 #1144474 #1144518 #1144582 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145018 #1145051 #1145059 #1145189 #1145235 #1145256 #1145300 #1145302 #1145357 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145446 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1145946 #1146074 #1146084 #1146141 #1146163 #1146215 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148219 #1148297 #1148303 #1148308 #1148363 #1148379 #1148394 #1148527 #1148570 #1148574 #1148616 #1148617 #1148619 #1148698 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 225 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514) - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - - Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543). - - Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146368). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-10207: Bluetooth/hci_uart was missing a check for tty operations (bsc#1142857). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - ACPI/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - Address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - ALSA: usb-audio: fix a memory leak bug (bsc#1111666). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: PCI: Preserve firmware configuration when desired (SLE-9332). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: Revert "bcache: use sysfs_match_string() instead of __sysfs_match_string()" (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ). - bnxt_en: Improve RX doorbell sequence (bsc#1104745). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Documentation: Update Documentation for iommu.passthrough (bsc#1136039). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - EDAC/amd64: Cache secondary Chip Select registers (bsc#1131489). - EDAC/amd64: Decode syndrome before translating address (bsc#1131489). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - EDAC/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - EDAC/amd64: Recognize x16 symbol size (bsc#1131489). - EDAC/amd64: Set maximum channel layer size depending on family (bsc#1131489). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - EDAC/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - EDAC/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - Fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kABI after KVM fixes - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - Fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - Fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ia64: Get rid of iommu_pass_through (bsc#1136039). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kABI/severities: Exclude drivers/crypto/ccp/* - kABI/severities: match SLE15 entry ordering. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - KVM: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - KVM: arm/arm64: Close VMID generation race (bsc#1133021). - KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - KVM: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - KVM: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - KVM: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - KVM: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - KVM: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - KVM: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - KVM: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - KVM: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - KVM: mmu: Fix overlap between public and private memslots (bsc#1133021). - KVM: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - KVM: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - KVM: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - KVM: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - KVM: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - KVM: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240). - KVM: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240). - KVM: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ). - KVM: s390: add MSA9 to cpumodel (jsc#SLE-6240). - KVM: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240). - KVM: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240). - KVM: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240). - KVM: s390: implement subfunction processor calls (jsc#SLE-6240 ). - KVM: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240). - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - KVM: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - KVM: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - KVM: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - KVM: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - KVM: x86: fix backward migration with async_PF (bsc#1146074). - KVM/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - KVM: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - KVM: x86: Unconditionally enable irqs in guest context (bsc#1145396). - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - Move upstreamed BT fix into sorted section - Move upstreamed nvme fix into sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353). - net: hns3: add all IMP return code (bsc#1104353). - net: hns3: add aRFS support for PF (bsc#1104353). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353). - net: hns3: add check to number of buffer descriptors (bsc#1104353). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353). - net: hns3: add handshake with hardware while doing reset (bsc#1104353). - net: hns3: Add missing newline at end of file (bsc#1104353 ). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353). - net: hns3: add some error checking in hclge_tm module (bsc#1104353). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353). - net: hns3: bitwise operator should use unsigned type (bsc#1104353). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353). - net: hns3: clear restting state when initializing HW device (bsc#1104353). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 ). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353). - net: hns3: delete the redundant user NIC codes (bsc#1104353 ). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353). - net: hns3: fix for dereferencing before null checking (bsc#1104353). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 ). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353). - net: hns3: fix some coding style issues (bsc#1104353 ). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 ). - net: hns3: handle empty unknown interrupt (bsc#1104353 ). - net: hns3: initialize CPU reverse mapping (bsc#1104353 ). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 ). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353). - net: hns3: refine the flow director handle (bsc#1104353 ). - net: hns3: remove override_pci_need_reset (bsc#1104353 ). - net: hns3: remove redundant core reset (bsc#1104353 ). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353). - net: hns3: remove unused linkmode definition (bsc#1104353 ). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353). - net: hns3: set default value for param "type" in hclgevf_bind_ring_to_vector (bsc#1104353). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ). - net: hns3: set the port shaper according to MAC speed (bsc#1104353). - net: hns3: small changes for magic numbers (bsc#1104353 ). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ). - net: hns3: some modifications to simplify and optimize code (bsc#1104353). - net: hns3: some variable modification (bsc#1104353). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353). - net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err (bsc#1104353). - net: hns3: typo in the name of a constant (bsc#1104353 ). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353). - net: hns3: use macros instead of magic numbers (bsc#1104353 ). - net: hns: add support for vlan TSO (bsc#1104353). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: phylink: Fix flow control for fixed-link (bsc#1119113 ). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - nfc: fix potential illegal memory access (bsc#1051510). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDMA/hns: Add mtr support for mixed multihop addressing (bsc#1104427). - RDMA/hns: Bugfix for calculating qp buffer size (bsc#1104427 ). - RDMA/hns: Bugfix for filling the sge of srq (bsc#1104427 ). - RDMa/hns: Do not stuck in endless timeout loop (bsc#1104427 ). - RDMA/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427). - RDMA/hns: fix inverted logic of readl read and shift (bsc#1104427). - RDMA/hns: Fixs hw access invalid dma memory error (bsc#1104427 ). - RDMA/hns: Fixup qp release bug (bsc#1104427). - RDMA/hns: Modify ba page size for cqe (bsc#1104427). - RDMA/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427). - RDMA/hns: Remove unnecessary print message in aeq (bsc#1104427 ). - RDMA/hns: Replace magic numbers with #defines (bsc#1104427 ). - RDMA/hns: reset function when removing module (bsc#1104427 ). - RDMA/hns: Set reset flag when hw resetting (bsc#1104427 ). - RDMA/hns: Use %pK format pointer print (bsc#1104427 ). - refresh: soc: fsl: guts: Add definition for LX2160A (). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert "Bluetooth: validate BLE connection interval updates" (bsc#1051510). - Revert "cfg80211: fix processing world regdomain when non modular" (bsc#1051510). - Revert "dm bufio: fix deadlock with loop device" (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patc h (bsc#1141543) - Revert "scsi: ncr5380: Increase register polling limit" (git-fixes). - Revert "scsi: prefix header search paths with $(srctree)/ (bsc#1136346)" - Revert "scsi: ufs: disable vccq if it's not needed by UFS device" (git-fixes). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxgb4i: fix incorrect spelling "reveive" -> "receive" (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Remove duplicate entries - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: mark small packets as owned by the tap sock (bsc#1109837). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - virtio/s390: fix race on airq_areas (bsc#1145357). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2019-2738=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2738=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.11.1 kernel-source-rt-4.12.14-14.11.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.11.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.11.1 dlm-kmp-rt-4.12.14-14.11.1 dlm-kmp-rt-debuginfo-4.12.14-14.11.1 gfs2-kmp-rt-4.12.14-14.11.1 gfs2-kmp-rt-debuginfo-4.12.14-14.11.1 kernel-rt-4.12.14-14.11.1 kernel-rt-base-4.12.14-14.11.1 kernel-rt-base-debuginfo-4.12.14-14.11.1 kernel-rt-debuginfo-4.12.14-14.11.1 kernel-rt-debugsource-4.12.14-14.11.1 kernel-rt-devel-4.12.14-14.11.1 kernel-rt-devel-debuginfo-4.12.14-14.11.1 kernel-rt_debug-debuginfo-4.12.14-14.11.1 kernel-rt_debug-debugsource-4.12.14-14.11.1 kernel-rt_debug-devel-4.12.14-14.11.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.11.1 kernel-syms-rt-4.12.14-14.11.1 ocfs2-kmp-rt-4.12.14-14.11.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-rt_debug-4.12.14-14.11.1 cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.11.1 dlm-kmp-rt_debug-4.12.14-14.11.1 dlm-kmp-rt_debug-debuginfo-4.12.14-14.11.1 gfs2-kmp-rt_debug-4.12.14-14.11.1 gfs2-kmp-rt_debug-debuginfo-4.12.14-14.11.1 kernel-rt-debuginfo-4.12.14-14.11.1 kernel-rt-debugsource-4.12.14-14.11.1 kernel-rt-extra-4.12.14-14.11.1 kernel-rt-extra-debuginfo-4.12.14-14.11.1 kernel-rt-livepatch-4.12.14-14.11.1 kernel-rt-livepatch-devel-4.12.14-14.11.1 kernel-rt_debug-4.12.14-14.11.1 kernel-rt_debug-base-4.12.14-14.11.1 kernel-rt_debug-base-debuginfo-4.12.14-14.11.1 kernel-rt_debug-debuginfo-4.12.14-14.11.1 kernel-rt_debug-debugsource-4.12.14-14.11.1 kernel-rt_debug-extra-4.12.14-14.11.1 kernel-rt_debug-extra-debuginfo-4.12.14-14.11.1 kernel-rt_debug-livepatch-4.12.14-14.11.1 kernel-rt_debug-livepatch-devel-4.12.14-14.11.1 kselftests-kmp-rt-4.12.14-14.11.1 kselftests-kmp-rt-debuginfo-4.12.14-14.11.1 kselftests-kmp-rt_debug-4.12.14-14.11.1 kselftests-kmp-rt_debug-debuginfo-4.12.14-14.11.1 ocfs2-kmp-rt_debug-4.12.14-14.11.1 ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.11.1 reiserfs-kmp-rt-4.12.14-14.11.1 reiserfs-kmp-rt-debuginfo-4.12.14-14.11.1 reiserfs-kmp-rt_debug-4.12.14-14.11.1 reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.11.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082635 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131489 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134476 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1135990 https://bugzilla.suse.com/1136039 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1136346 https://bugzilla.suse.com/1136349 https://bugzilla.suse.com/1136352 https://bugzilla.suse.com/1136496 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136502 https://bugzilla.suse.com/1136682 https://bugzilla.suse.com/1137322 https://bugzilla.suse.com/1137323 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138099 https://bugzilla.suse.com/1138100 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141340 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143331 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143706 https://bugzilla.suse.com/1143738 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1143962 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144582 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145018 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145256 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145357 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145446 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1145946 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146141 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146215 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148219 https://bugzilla.suse.com/1148297 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148308 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148570 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-security-updates at lists.suse.com Tue Oct 22 10:51:36 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 18:51:36 +0200 (CEST) Subject: SUSE-SU-2019:2744-1: moderate: Security update for openconnect Message-ID: <20191022165136.580F5F798@maintenance.suse.de> SUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2744-1 Rating: moderate References: #1151178 Cross-References: CVE-2019-16239 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2744=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2744=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): openconnect-7.08-3.4.1 openconnect-debuginfo-7.08-3.4.1 openconnect-debugsource-7.08-3.4.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): openconnect-lang-7.08-3.4.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): openconnect-7.08-3.4.1 openconnect-debuginfo-7.08-3.4.1 openconnect-debugsource-7.08-3.4.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): openconnect-lang-7.08-3.4.1 References: https://www.suse.com/security/cve/CVE-2019-16239.html https://bugzilla.suse.com/1151178 From sle-security-updates at lists.suse.com Tue Oct 22 11:01:29 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 19:01:29 +0200 (CEST) Subject: SUSE-SU-2019:2745-1: moderate: Security update for libcaca Message-ID: <20191022170129.11795F798@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2745-1 Rating: moderate References: #1120470 #1120502 #1120503 #1120504 #1120584 #1120589 Cross-References: CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for libcaca fixes the following issues: Security issues fixed: - CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) - CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503) - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504) - CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589) - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2745=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2745=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2745=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.3.27 libcaca-devel-0.99.beta18-14.3.27 libcaca0-plugins-0.99.beta18-14.3.27 libcaca0-plugins-debuginfo-0.99.beta18-14.3.27 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta18-14.3.27 libcaca0-0.99.beta18-14.3.27 libcaca0-debuginfo-0.99.beta18-14.3.27 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libcaca-debugsource-0.99.beta18-14.3.27 libcaca0-0.99.beta18-14.3.27 libcaca0-debuginfo-0.99.beta18-14.3.27 References: https://www.suse.com/security/cve/CVE-2018-20544.html https://www.suse.com/security/cve/CVE-2018-20545.html https://www.suse.com/security/cve/CVE-2018-20546.html https://www.suse.com/security/cve/CVE-2018-20547.html https://www.suse.com/security/cve/CVE-2018-20548.html https://www.suse.com/security/cve/CVE-2018-20549.html https://bugzilla.suse.com/1120470 https://bugzilla.suse.com/1120502 https://bugzilla.suse.com/1120503 https://bugzilla.suse.com/1120504 https://bugzilla.suse.com/1120584 https://bugzilla.suse.com/1120589 From sle-security-updates at lists.suse.com Tue Oct 22 10:54:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Oct 2019 18:54:11 +0200 (CEST) Subject: SUSE-SU-2019:2743-1: moderate: Security update for python Message-ID: <20191022165411.519F0F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2743-1 Rating: moderate References: #1130840 #1149955 #1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2743=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2743=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2743=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2743=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-curses-2.7.14-7.24.1 python-curses-debuginfo-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-devel-2.7.14-7.24.1 python-gdbm-2.7.14-7.24.1 python-gdbm-debuginfo-2.7.14-7.24.1 python-xml-2.7.14-7.24.1 python-xml-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-demo-2.7.14-7.24.1 python-idle-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython2_7-1_0-32bit-2.7.14-7.24.1 libpython2_7-1_0-32bit-debuginfo-2.7.14-7.24.1 python-32bit-2.7.14-7.24.1 python-32bit-debuginfo-2.7.14-7.24.1 python-base-32bit-2.7.14-7.24.1 python-base-32bit-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-doc-2.7.14-7.24.2 python-doc-pdf-2.7.14-7.24.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-demo-2.7.14-7.24.1 python-idle-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-doc-2.7.14-7.24.2 python-doc-pdf-2.7.14-7.24.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-tk-2.7.14-7.24.1 python-tk-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-tk-2.7.14-7.24.1 python-tk-debuginfo-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.24.1 libpython2_7-1_0-debuginfo-2.7.14-7.24.1 python-2.7.14-7.24.1 python-base-2.7.14-7.24.1 python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.14-7.24.1 libpython2_7-1_0-debuginfo-2.7.14-7.24.1 python-2.7.14-7.24.1 python-base-2.7.14-7.24.1 python-base-debuginfo-2.7.14-7.24.1 python-base-debugsource-2.7.14-7.24.1 python-curses-2.7.14-7.24.1 python-curses-debuginfo-2.7.14-7.24.1 python-debuginfo-2.7.14-7.24.1 python-debugsource-2.7.14-7.24.1 python-devel-2.7.14-7.24.1 python-gdbm-2.7.14-7.24.1 python-gdbm-debuginfo-2.7.14-7.24.1 python-xml-2.7.14-7.24.1 python-xml-debuginfo-2.7.14-7.24.1 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://www.suse.com/security/cve/CVE-2019-9947.html https://bugzilla.suse.com/1130840 https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1153238 From sle-security-updates at lists.suse.com Wed Oct 23 04:11:46 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 12:11:46 +0200 (CEST) Subject: SUSE-SU-2019:2748-1: moderate: Security update for python Message-ID: <20191023101146.C7E19F798@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2748-1 Rating: moderate References: #1149955 #1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2748=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2748=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2748=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2748=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2748=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): python-base-debuginfo-2.7.13-28.36.1 python-base-debugsource-2.7.13-28.36.1 python-devel-2.7.13-28.36.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.13-28.36.1 python-base-debugsource-2.7.13-28.36.1 python-devel-2.7.13-28.36.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.13-28.36.1 libpython2_7-1_0-debuginfo-2.7.13-28.36.1 python-2.7.13-28.36.1 python-base-2.7.13-28.36.1 python-base-debuginfo-2.7.13-28.36.1 python-base-debugsource-2.7.13-28.36.1 python-curses-2.7.13-28.36.1 python-curses-debuginfo-2.7.13-28.36.1 python-debuginfo-2.7.13-28.36.1 python-debugsource-2.7.13-28.36.1 python-demo-2.7.13-28.36.1 python-devel-2.7.13-28.36.1 python-gdbm-2.7.13-28.36.1 python-gdbm-debuginfo-2.7.13-28.36.1 python-idle-2.7.13-28.36.1 python-tk-2.7.13-28.36.1 python-tk-debuginfo-2.7.13-28.36.1 python-xml-2.7.13-28.36.1 python-xml-debuginfo-2.7.13-28.36.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libpython2_7-1_0-32bit-2.7.13-28.36.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.36.1 python-32bit-2.7.13-28.36.1 python-base-32bit-2.7.13-28.36.1 python-base-debuginfo-32bit-2.7.13-28.36.1 python-debuginfo-32bit-2.7.13-28.36.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): python-doc-2.7.13-28.36.1 python-doc-pdf-2.7.13-28.36.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython2_7-1_0-2.7.13-28.36.1 libpython2_7-1_0-32bit-2.7.13-28.36.1 libpython2_7-1_0-debuginfo-2.7.13-28.36.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.36.1 python-2.7.13-28.36.1 python-base-2.7.13-28.36.1 python-base-debuginfo-2.7.13-28.36.1 python-base-debuginfo-32bit-2.7.13-28.36.1 python-base-debugsource-2.7.13-28.36.1 python-curses-2.7.13-28.36.1 python-curses-debuginfo-2.7.13-28.36.1 python-debuginfo-2.7.13-28.36.1 python-debugsource-2.7.13-28.36.1 python-devel-2.7.13-28.36.1 python-tk-2.7.13-28.36.1 python-tk-debuginfo-2.7.13-28.36.1 python-xml-2.7.13-28.36.1 python-xml-debuginfo-2.7.13-28.36.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-debuginfo-2.7.13-28.36.1 python-debugsource-2.7.13-28.36.1 python-strict-tls-check-2.7.13-28.36.1 - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.36.1 libpython2_7-1_0-debuginfo-2.7.13-28.36.1 python-2.7.13-28.36.1 python-base-2.7.13-28.36.1 python-base-debuginfo-2.7.13-28.36.1 python-base-debugsource-2.7.13-28.36.1 python-debuginfo-2.7.13-28.36.1 python-debugsource-2.7.13-28.36.1 python-xml-2.7.13-28.36.1 python-xml-debuginfo-2.7.13-28.36.1 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1153238 From sle-security-updates at lists.suse.com Wed Oct 23 04:12:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 12:12:57 +0200 (CEST) Subject: SUSE-SU-2019:2749-1: moderate: Security update for sysstat Message-ID: <20191023101257.82A00F798@maintenance.suse.de> SUSE Security Update: Security update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2749-1 Rating: moderate References: #1150114 Cross-References: CVE-2019-16167 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2749=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2749=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2749=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.15.1 sysstat-debugsource-12.0.2-3.15.1 sysstat-isag-12.0.2-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): sysstat-debuginfo-12.0.2-3.15.1 sysstat-debugsource-12.0.2-3.15.1 sysstat-isag-12.0.2-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.15.1 sysstat-debuginfo-12.0.2-3.15.1 sysstat-debugsource-12.0.2-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-3.15.1 sysstat-debuginfo-12.0.2-3.15.1 sysstat-debugsource-12.0.2-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-16167.html https://bugzilla.suse.com/1150114 From sle-security-updates at lists.suse.com Wed Oct 23 07:11:15 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 15:11:15 +0200 (CEST) Subject: SUSE-SU-2019:2752-1: moderate: Security update for sysstat Message-ID: <20191023131115.71251F798@maintenance.suse.de> SUSE Security Update: Security update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2752-1 Rating: moderate References: #1150114 Cross-References: CVE-2019-16167 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2752=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2752=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-10.27.1 sysstat-debuginfo-12.0.2-10.27.1 sysstat-debugsource-12.0.2-10.27.1 sysstat-isag-12.0.2-10.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): sysstat-12.0.2-10.27.1 sysstat-debuginfo-12.0.2-10.27.1 sysstat-debugsource-12.0.2-10.27.1 References: https://www.suse.com/security/cve/CVE-2019-16167.html https://bugzilla.suse.com/1150114 From sle-security-updates at lists.suse.com Wed Oct 23 07:11:56 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 15:11:56 +0200 (CEST) Subject: SUSE-SU-2019:2750-1: moderate: Security update for zziplib Message-ID: <20191023131156.1D162F798@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2750-1 Rating: moderate References: #1107424 #1129403 Cross-References: CVE-2018-16548 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. (bsc#1107424) Other issue addressed: - Prevented a division by zero (bsc#1129403). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2750=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2750=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2750=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2750=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libzzip-0-13-32bit-0.13.69-3.10.1 libzzip-0-13-32bit-debuginfo-0.13.69-3.10.1 zziplib-debugsource-0.13.69-3.10.1 zziplib-devel-32bit-0.13.69-3.10.1 zziplib-devel-32bit-debuginfo-0.13.69-3.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libzzip-0-13-32bit-0.13.69-3.10.1 libzzip-0-13-32bit-debuginfo-0.13.69-3.10.1 zziplib-debugsource-0.13.69-3.10.1 zziplib-devel-32bit-0.13.69-3.10.1 zziplib-devel-32bit-debuginfo-0.13.69-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.69-3.10.1 libzzip-0-13-debuginfo-0.13.69-3.10.1 zziplib-debugsource-0.13.69-3.10.1 zziplib-devel-0.13.69-3.10.1 zziplib-devel-debuginfo-0.13.69-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.69-3.10.1 libzzip-0-13-debuginfo-0.13.69-3.10.1 zziplib-debugsource-0.13.69-3.10.1 zziplib-devel-0.13.69-3.10.1 zziplib-devel-debuginfo-0.13.69-3.10.1 References: https://www.suse.com/security/cve/CVE-2018-16548.html https://bugzilla.suse.com/1107424 https://bugzilla.suse.com/1129403 From sle-security-updates at lists.suse.com Wed Oct 23 10:11:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 18:11:18 +0200 (CEST) Subject: SUSE-SU-2019:2753-1: important: Security update for xen Message-ID: <20191023161118.892B7F798@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2753-1 Rating: important References: #1027519 #1111331 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1127400 #1129642 #1131811 #1137717 #1138294 #1143797 #1145240 #1145774 #1146874 #1149813 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has four fixes is now available. Description: This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). - Fixed an issue where libxenlight could not create new domain (bsc#1131811). - Fixed an issue where attached pci devices were lost after reboot (bsc#1129642). - Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2753=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2753=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2753=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): xen-debugsource-4.11.2_02-2.14.2 xen-devel-4.11.2_02-2.14.2 - SUSE Linux Enterprise Server 12-SP4 (x86_64): xen-4.11.2_02-2.14.2 xen-debugsource-4.11.2_02-2.14.2 xen-doc-html-4.11.2_02-2.14.2 xen-libs-32bit-4.11.2_02-2.14.2 xen-libs-4.11.2_02-2.14.2 xen-libs-debuginfo-32bit-4.11.2_02-2.14.2 xen-libs-debuginfo-4.11.2_02-2.14.2 xen-tools-4.11.2_02-2.14.2 xen-tools-debuginfo-4.11.2_02-2.14.2 xen-tools-domU-4.11.2_02-2.14.2 xen-tools-domU-debuginfo-4.11.2_02-2.14.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): xen-4.11.2_02-2.14.2 xen-debugsource-4.11.2_02-2.14.2 xen-libs-32bit-4.11.2_02-2.14.2 xen-libs-4.11.2_02-2.14.2 xen-libs-debuginfo-32bit-4.11.2_02-2.14.2 xen-libs-debuginfo-4.11.2_02-2.14.2 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://www.suse.com/security/cve/CVE-2019-17345.html https://www.suse.com/security/cve/CVE-2019-17346.html https://www.suse.com/security/cve/CVE-2019-17347.html https://www.suse.com/security/cve/CVE-2019-17348.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126197 https://bugzilla.suse.com/1126198 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1127400 https://bugzilla.suse.com/1129642 https://bugzilla.suse.com/1131811 https://bugzilla.suse.com/1137717 https://bugzilla.suse.com/1138294 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1145240 https://bugzilla.suse.com/1145774 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 From sle-security-updates at lists.suse.com Wed Oct 23 13:11:46 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 21:11:46 +0200 (CEST) Subject: SUSE-SU-2019:2757-1: moderate: Security update for lz4 Message-ID: <20191023191146.35B3BF798@maintenance.suse.de> SUSE Security Update: Security update for lz4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2757-1 Rating: moderate References: #1153936 Cross-References: CVE-2019-17543 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2757=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2757=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): liblz4-1-1.8.0-3.5.1 liblz4-1-debuginfo-1.8.0-3.5.1 liblz4-devel-1.8.0-3.5.1 lz4-1.8.0-3.5.1 lz4-debuginfo-1.8.0-3.5.1 lz4-debugsource-1.8.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): liblz4-1-32bit-1.8.0-3.5.1 liblz4-1-32bit-debuginfo-1.8.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): liblz4-1-1.8.0-3.5.1 liblz4-1-debuginfo-1.8.0-3.5.1 liblz4-devel-1.8.0-3.5.1 lz4-1.8.0-3.5.1 lz4-debuginfo-1.8.0-3.5.1 lz4-debugsource-1.8.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): liblz4-1-32bit-1.8.0-3.5.1 liblz4-1-32bit-debuginfo-1.8.0-3.5.1 References: https://www.suse.com/security/cve/CVE-2019-17543.html https://bugzilla.suse.com/1153936 From sle-security-updates at lists.suse.com Wed Oct 23 13:12:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 21:12:31 +0200 (CEST) Subject: SUSE-SU-2019:2755-1: moderate: Security update for rust Message-ID: <20191023191231.CB753F798@maintenance.suse.de> SUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2755-1 Rating: moderate References: #1096945 #1100691 #1133283 #1134978 Cross-References: CVE-2018-1000622 CVE-2019-12083 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2755=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2755=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): rust-doc-1.36.0-4.1 rust-gdb-1.36.0-4.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): cargo-doc-1.36.0-4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cargo-1.36.0-4.1 clippy-1.36.0-4.1 rls-1.36.0-4.1 rust-1.36.0-4.1 rust-analysis-1.36.0-4.1 rust-std-static-1.36.0-4.1 rustfmt-1.36.0-4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): rust-src-1.36.0-4.1 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://www.suse.com/security/cve/CVE-2019-12083.html https://bugzilla.suse.com/1096945 https://bugzilla.suse.com/1100691 https://bugzilla.suse.com/1133283 https://bugzilla.suse.com/1134978 From sle-security-updates at lists.suse.com Wed Oct 23 13:14:16 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Oct 2019 21:14:16 +0200 (CEST) Subject: SUSE-SU-2019:2756-1: important: Security update for the Linux Kernel Message-ID: <20191023191416.D46A5F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2756-1 Rating: important References: #1012382 #1047238 #1050911 #1051510 #1053043 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1071995 #1078248 #1082555 #1083647 #1083710 #1085030 #1085536 #1085539 #1086103 #1087092 #1088047 #1090734 #1091171 #1093205 #1094555 #1098633 #1102097 #1102247 #1104902 #1104967 #1106061 #1106284 #1106383 #1106434 #1106751 #1108382 #1109137 #1109158 #1111666 #1112178 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1115688 #1117158 #1118139 #1118689 #1119086 #1119222 #1119532 #1120423 #1120566 #1120876 #1120902 #1120937 #1123034 #1123080 #1123105 #1123959 #1124167 #1124370 #1124503 #1127034 #1127155 #1127315 #1127988 #1128432 #1128902 #1128910 #1129424 #1129519 #1129664 #1129770 #1130972 #1131107 #1131281 #1131304 #1131565 #1132154 #1132390 #1132686 #1133021 #1133401 #1134097 #1134291 #1134303 #1134390 #1134671 #1134881 #1134882 #1135219 #1135296 #1135335 #1135556 #1135642 #1135661 #1135897 #1136157 #1136261 #1136811 #1136896 #1136935 #1136990 #1137069 #1137162 #1137221 #1137366 #1137372 #1137429 #1137444 #1137458 #1137534 #1137535 #1137584 #1137586 #1137609 #1137625 #1137728 #1137739 #1137752 #1137811 #1137827 #1137865 #1137884 #1137959 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138374 #1138375 #1138539 #1138589 #1138719 #1139020 #1139021 #1139101 #1139500 #1139771 #1139782 #1139865 #1140012 #1140133 #1140139 #1140155 #1140322 #1140328 #1140405 #1140424 #1140426 #1140428 #1140487 #1140637 #1140652 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141013 #1141401 #1141402 #1141450 #1141452 #1141453 #1141454 #1141478 #1141543 #1141554 #1142019 #1142076 #1142109 #1142112 #1142117 #1142118 #1142119 #1142129 #1142220 #1142221 #1142350 #1142351 #1142354 #1142359 #1142450 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1142868 #1143003 #1143105 #1143185 #1143300 #1143466 #1143507 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145024 #1145051 #1145059 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146042 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146540 #1146543 #1146547 #1146550 #1146575 #1146589 #1146664 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148698 #1148712 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149313 #1149325 #1149376 #1149413 #1149418 #1149424 #1149446 #1149522 #1149527 #1149539 #1149552 #1149555 #1149591 #1149602 #1149612 #1149626 #1149651 #1149652 #1149713 #1149940 #1149959 #1149963 #1149976 #1150025 #1150033 #1150112 #1150381 #1150423 #1150562 #1150727 #1150860 #1150861 #1150933 #1151350 #1151610 #1151667 #1151671 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152972 #1152974 #1152975 Cross-References: CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-11479 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that solves 44 vulnerabilities and has 368 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-15902: Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514) - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - - Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-11479: Fixed the default MSS that was hard-coded to 48 bytes. This allowed a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. (bnc#1137586). - CVE-2019-10207: Bluetooth/hci_uart was missing a check for tty operations (bsc#1142857). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - ACPI: Add Hygon Dhyana support (). - ACPI/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI: fix menuconfig presentation of ACPI submenu (bsc#1117158). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI/nfit: Always dump _DSM output payload (bsc#1142351). - ACPI/PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - ACPI: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - Add back sibling paca poiter to paca (bsc#1055117). - Added De0-Nanos-SoC board support (and others based on Altera SOC). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - Address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add support for crct10dif-vpmsum (). - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_key: unconditionally clone on broadcast (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - af_unix: remove redundant lockdep class (git-fixes). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - ALSA: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - ALSA: compress: Fix regression on compressed capture streams (bsc#1051510). - ALSA: compress: Prevent bypasses of set_params (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix a typo (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Break too long mutex context in the write loop (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - ALSA: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - ALSA: usb-audio: Cleanup DSD whitelist (bsc#1051510). - ALSA: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ALSA: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: fix ACPI dependencies (bsc#1117158). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs-kill-btrfs_clear_path_blocking.patch: (bsc#1140139). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - Build klp-symbols in kernel devel projects. - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - chardev: add additional check for minor range overlap (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: Add Hygon Dhyana support (). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpu/topology: Export die_id (jsc#SLE-5454). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - fix the SEV probe in kexec boot path (bsc#1136896). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete for bsc#1144979: bcache: kernel oops on reading sysfs cache_mode file patches.suse/0031-bcache-use-sysfs_match_string-instead-of-__sysfs_mat.patc h. - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm, dax: Fix detection of DAX support (bsc#1139782). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - Documentation: Add MDS vulnerability documentation (bsc#1135642). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - Drop an ASoC fix that was reverted in 4.14.y stable - e1000e: start network tx queue only when link is up (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kABI after KVM fixes - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - isdn/capi: check message length in capi_write() (bsc#1051510). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kabi: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - KMPs: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - leds: avoid flush_work in atomic context (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - Move stuff git_sort chokes on, out of the way - Move upstreamed BT fix into sorted section - Move upstreamed nvme fix into sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfc: fix potential illegal memory access (bsc#1051510). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfs4: Fix v4.0 client state corruption when mount (git-fixes). - nfs add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - nfs: Do not interrupt file writeout due to fatal errors (git-fixes). - nfs: Do not open code clearing of delegation state (git-fixes). - nfs: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - nfs: make nfs_match_client killable (bsc#1134291). - nfs: Refactor nfs_lookup_revalidate() (git-fixes). - nfs: Remove redundant semicolon (git-fixes). - nfsv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - nfsv4.1: Fix open stateid recovery (git-fixes). - nfsv4.1: Only reap expired delegations (git-fixes). - nfsv4: Check the return value of update_open_stateid() (git-fixes). - nfsv4: Fix an Oops in nfs4_do_setattr (git-fixes). - nfsv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - nfsv4: Fix delegation state recovery (git-fixes). - nfsv4: Fix lookup revalidate of regular files (git-fixes). - nfsv4: Fix OPEN / CLOSE race (git-fixes). - nfsv4: Handle the special Linux file open access mode (git-fixes). - nfsv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - nfsv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: Do not poll for PME if the device is in D3cold (bsc#1051510). - PCI: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - PCI: hv: Remove unused reason for refcount handler (bsc#1142701). - PCI: hv: support reporting serial number as slot information (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pnfs fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pnfs/flexfiles: Turn off soft RPC calls (git-fixes). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: Fix memory leak in ppp_write (git-fixes). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDS: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "Bluetooth: validate BLE connection interval updates" (bsc#1051510). - Revert "cfg80211: fix processing world regdomain when non modular" (bsc#1051510). - Revert "dm bufio: fix deadlock with loop device" (git fixes). - Revert "Drop multiversion(kernel) from the KMP template ()" (bsc#1109137). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patc h (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - Revert "Revert "Drop multiversion(kernel) from the KMP template ()"" This feature was requested for SLE15 but aws reverted in packaging and master. - Revert "Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)."" - Revert "Revert "KMPs: provide and conflict a kernel version specific KMP name"" - Revert "Revert "Revert "Drop multiversion(kernel) from the KMP template ()""" - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead. - Revert "scsi: ncr5380: Increase register polling limit" (git-fixes). - Revert "scsi: ufs: disable vccq if it's not needed by UFS device" (git-fixes). - Revert "serial: 8250: Do not service RX FIFO if interrupts are disabled" (bsc#1051510). - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: Add mmots tree. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix error message on "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1137884). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - team: Always enable vlan tx offload (bsc#1051510). - test_firmware: fix a memory leak bug (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update config files. - CIFS: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - Update config files for NFSv4.2 Enable NFSv4.2 support - jsc at PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0 - update internal version number for cifs.ko (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - x86/xen: Add Hygon Dhyana support to Xen (). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2019-2756=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): cluster-md-kmp-rt-4.12.14-8.6.1 dlm-kmp-rt-4.12.14-8.6.1 gfs2-kmp-rt-4.12.14-8.6.1 kernel-rt-4.12.14-8.6.1 kernel-rt-base-4.12.14-8.6.1 kernel-rt-devel-4.12.14-8.6.1 kernel-rt_debug-devel-4.12.14-8.6.1 kernel-syms-rt-4.12.14-8.6.1 ocfs2-kmp-rt-4.12.14-8.6.1 - SUSE Linux Enterprise Real Time Extension 12-SP4 (noarch): kernel-devel-rt-4.12.14-8.6.1 kernel-source-rt-4.12.14-8.6.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1132686 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1136811 https://bugzilla.suse.com/1136896 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137221 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142129 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143507 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145024 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149959 https://bugzilla.suse.com/1149963 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151671 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 From sle-security-updates at lists.suse.com Thu Oct 24 10:15:57 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 18:15:57 +0200 (CEST) Subject: SUSE-SU-2019:2769-1: important: Security update for xen Message-ID: <20191024161557.E2A88F798@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2769-1 Rating: important References: #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1127400 #1133818 #1143797 #1146874 #1149813 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for xen fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issue fixed: - Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc#1133818). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2769=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2769=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2769=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2769=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2769=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2769=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2769=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE Enterprise Storage 5 (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - SUSE CaaS Platform 3.0 (x86_64): xen-debugsource-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_04-3.56.2 xen-debugsource-4.9.4_04-3.56.2 xen-doc-html-4.9.4_04-3.56.2 xen-libs-32bit-4.9.4_04-3.56.2 xen-libs-4.9.4_04-3.56.2 xen-libs-debuginfo-32bit-4.9.4_04-3.56.2 xen-libs-debuginfo-4.9.4_04-3.56.2 xen-tools-4.9.4_04-3.56.2 xen-tools-debuginfo-4.9.4_04-3.56.2 xen-tools-domU-4.9.4_04-3.56.2 xen-tools-domU-debuginfo-4.9.4_04-3.56.2 References: https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://www.suse.com/security/cve/CVE-2019-17345.html https://www.suse.com/security/cve/CVE-2019-17346.html https://www.suse.com/security/cve/CVE-2019-17347.html https://www.suse.com/security/cve/CVE-2019-17348.html https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126197 https://bugzilla.suse.com/1126198 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1127400 https://bugzilla.suse.com/1133818 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 From sle-security-updates at lists.suse.com Thu Oct 24 10:18:06 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 18:18:06 +0200 (CEST) Subject: SUSE-SU-2019:2771-1: moderate: Security update for nfs-utils Message-ID: <20191024161806.E2C02F798@maintenance.suse.de> SUSE Security Update: Security update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2771-1 Rating: moderate References: #1150733 Cross-References: CVE-2019-3689 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2771=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2771=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): nfs-client-1.3.0-41.3.1 nfs-client-debuginfo-1.3.0-41.3.1 nfs-doc-1.3.0-41.3.1 nfs-kernel-server-1.3.0-41.3.1 nfs-kernel-server-debuginfo-1.3.0-41.3.1 nfs-utils-debugsource-1.3.0-41.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): nfs-client-1.3.0-41.3.1 nfs-client-debuginfo-1.3.0-41.3.1 nfs-doc-1.3.0-41.3.1 nfs-kernel-server-1.3.0-41.3.1 nfs-kernel-server-debuginfo-1.3.0-41.3.1 nfs-utils-debugsource-1.3.0-41.3.1 References: https://www.suse.com/security/cve/CVE-2019-3689.html https://bugzilla.suse.com/1150733 From sle-security-updates at lists.suse.com Thu Oct 24 10:21:48 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 18:21:48 +0200 (CEST) Subject: SUSE-SU-2019:14199-1: important: Security update for xen Message-ID: <20191024162148.9A116F798@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14199-1 Rating: important References: #1126140 #1126141 #1126192 #1126195 #1126196 #1126198 #1126201 #1127400 #1135905 #1143797 #1145652 #1146874 #1149813 Cross-References: CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14199=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14199=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_40_3.0.101_108.101-61.49.1 xen-libs-4.4.4_40-61.49.1 xen-tools-domU-4.4.4_40-61.49.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_40-61.49.1 xen-doc-html-4.4.4_40-61.49.1 xen-libs-32bit-4.4.4_40-61.49.1 xen-tools-4.4.4_40-61.49.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_40_3.0.101_108.101-61.49.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_40-61.49.1 xen-debugsource-4.4.4_40-61.49.1 References: https://www.suse.com/security/cve/CVE-2019-12067.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://www.suse.com/security/cve/CVE-2019-17346.html https://www.suse.com/security/cve/CVE-2019-17347.html https://www.suse.com/security/cve/CVE-2019-17348.html https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126198 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1127400 https://bugzilla.suse.com/1135905 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1145652 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 From sle-security-updates at lists.suse.com Thu Oct 24 13:11:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 21:11:18 +0200 (CEST) Subject: SUSE-SU-2019:2779-1: moderate: Security update for binutils Message-ID: <20191024191118.13982F79E@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2779-1 Rating: moderate References: #1109412 #1109413 #1109414 #1111996 #1112534 #1112535 #1113247 #1113252 #1113255 #1116827 #1118644 #1118830 #1118831 #1120640 #1121034 #1121035 #1121056 #1133131 #1133232 #1141913 #1142772 #1152590 #1154016 #1154025 Cross-References: CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2779=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2779=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2779=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2779=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-7.5.1 binutils-debugsource-2.32-7.5.1 binutils-gold-2.32-7.5.1 binutils-gold-debuginfo-2.32-7.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-7.5.1 binutils-debugsource-2.32-7.5.1 binutils-gold-2.32-7.5.1 binutils-gold-debuginfo-2.32-7.5.1 cross-arm-binutils-2.32-7.5.1 cross-arm-binutils-debuginfo-2.32-7.5.1 cross-arm-binutils-debugsource-2.32-7.5.1 cross-avr-binutils-2.32-7.5.1 cross-avr-binutils-debuginfo-2.32-7.5.1 cross-avr-binutils-debugsource-2.32-7.5.1 cross-epiphany-binutils-2.32-7.5.1 cross-epiphany-binutils-debuginfo-2.32-7.5.1 cross-epiphany-binutils-debugsource-2.32-7.5.1 cross-hppa-binutils-2.32-7.5.1 cross-hppa-binutils-debuginfo-2.32-7.5.1 cross-hppa-binutils-debugsource-2.32-7.5.1 cross-hppa64-binutils-2.32-7.5.1 cross-hppa64-binutils-debuginfo-2.32-7.5.1 cross-hppa64-binutils-debugsource-2.32-7.5.1 cross-i386-binutils-2.32-7.5.1 cross-i386-binutils-debuginfo-2.32-7.5.1 cross-i386-binutils-debugsource-2.32-7.5.1 cross-ia64-binutils-2.32-7.5.1 cross-ia64-binutils-debuginfo-2.32-7.5.1 cross-ia64-binutils-debugsource-2.32-7.5.1 cross-m68k-binutils-2.32-7.5.1 cross-m68k-binutils-debuginfo-2.32-7.5.1 cross-m68k-binutils-debugsource-2.32-7.5.1 cross-mips-binutils-2.32-7.5.1 cross-mips-binutils-debuginfo-2.32-7.5.1 cross-mips-binutils-debugsource-2.32-7.5.1 cross-ppc-binutils-2.32-7.5.1 cross-ppc-binutils-debuginfo-2.32-7.5.1 cross-ppc-binutils-debugsource-2.32-7.5.1 cross-ppc64-binutils-2.32-7.5.1 cross-ppc64-binutils-debuginfo-2.32-7.5.1 cross-ppc64-binutils-debugsource-2.32-7.5.1 cross-riscv64-binutils-2.32-7.5.1 cross-riscv64-binutils-debuginfo-2.32-7.5.1 cross-riscv64-binutils-debugsource-2.32-7.5.1 cross-rx-binutils-2.32-7.5.1 cross-rx-binutils-debuginfo-2.32-7.5.1 cross-rx-binutils-debugsource-2.32-7.5.1 cross-s390-binutils-2.32-7.5.1 cross-s390-binutils-debuginfo-2.32-7.5.1 cross-s390-binutils-debugsource-2.32-7.5.1 cross-sparc-binutils-2.32-7.5.1 cross-sparc-binutils-debuginfo-2.32-7.5.1 cross-sparc-binutils-debugsource-2.32-7.5.1 cross-sparc64-binutils-2.32-7.5.1 cross-sparc64-binutils-debuginfo-2.32-7.5.1 cross-sparc64-binutils-debugsource-2.32-7.5.1 cross-spu-binutils-2.32-7.5.1 cross-spu-binutils-debuginfo-2.32-7.5.1 cross-spu-binutils-debugsource-2.32-7.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.32-7.5.1 cross-s390x-binutils-debuginfo-2.32-7.5.1 cross-s390x-binutils-debugsource-2.32-7.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.32-7.5.1 cross-x86_64-binutils-debuginfo-2.32-7.5.1 cross-x86_64-binutils-debugsource-2.32-7.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): cross-aarch64-binutils-2.32-7.5.1 cross-aarch64-binutils-debuginfo-2.32-7.5.1 cross-aarch64-binutils-debugsource-2.32-7.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.32-7.5.1 cross-ppc64le-binutils-debuginfo-2.32-7.5.1 cross-ppc64le-binutils-debugsource-2.32-7.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): binutils-debugsource-2.32-7.5.1 binutils-devel-32bit-2.32-7.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-2.32-7.5.1 binutils-debuginfo-2.32-7.5.1 binutils-debugsource-2.32-7.5.1 binutils-devel-2.32-7.5.1 References: https://www.suse.com/security/cve/CVE-2018-1000876.html https://www.suse.com/security/cve/CVE-2018-17358.html https://www.suse.com/security/cve/CVE-2018-17359.html https://www.suse.com/security/cve/CVE-2018-17360.html https://www.suse.com/security/cve/CVE-2018-17985.html https://www.suse.com/security/cve/CVE-2018-18309.html https://www.suse.com/security/cve/CVE-2018-18483.html https://www.suse.com/security/cve/CVE-2018-18484.html https://www.suse.com/security/cve/CVE-2018-18605.html https://www.suse.com/security/cve/CVE-2018-18606.html https://www.suse.com/security/cve/CVE-2018-18607.html https://www.suse.com/security/cve/CVE-2018-19931.html https://www.suse.com/security/cve/CVE-2018-19932.html https://www.suse.com/security/cve/CVE-2018-20623.html https://www.suse.com/security/cve/CVE-2018-20651.html https://www.suse.com/security/cve/CVE-2018-20671.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://www.suse.com/security/cve/CVE-2019-1010180.html https://bugzilla.suse.com/1109412 https://bugzilla.suse.com/1109413 https://bugzilla.suse.com/1109414 https://bugzilla.suse.com/1111996 https://bugzilla.suse.com/1112534 https://bugzilla.suse.com/1112535 https://bugzilla.suse.com/1113247 https://bugzilla.suse.com/1113252 https://bugzilla.suse.com/1113255 https://bugzilla.suse.com/1116827 https://bugzilla.suse.com/1118644 https://bugzilla.suse.com/1118830 https://bugzilla.suse.com/1118831 https://bugzilla.suse.com/1120640 https://bugzilla.suse.com/1121034 https://bugzilla.suse.com/1121035 https://bugzilla.suse.com/1121056 https://bugzilla.suse.com/1133131 https://bugzilla.suse.com/1133232 https://bugzilla.suse.com/1141913 https://bugzilla.suse.com/1142772 https://bugzilla.suse.com/1152590 https://bugzilla.suse.com/1154016 https://bugzilla.suse.com/1154025 From sle-security-updates at lists.suse.com Thu Oct 24 13:15:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 21:15:22 +0200 (CEST) Subject: SUSE-SU-2019:2776-1: moderate: Security update for nfs-utils Message-ID: <20191024191522.369C9F798@maintenance.suse.de> SUSE Security Update: Security update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2776-1 Rating: moderate References: #1150733 Cross-References: CVE-2019-3689 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2776=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-6.14.1 nfs-client-debuginfo-2.1.1-6.14.1 nfs-doc-2.1.1-6.14.1 nfs-kernel-server-2.1.1-6.14.1 nfs-kernel-server-debuginfo-2.1.1-6.14.1 nfs-utils-debuginfo-2.1.1-6.14.1 nfs-utils-debugsource-2.1.1-6.14.1 References: https://www.suse.com/security/cve/CVE-2019-3689.html https://bugzilla.suse.com/1150733 From sle-security-updates at lists.suse.com Thu Oct 24 13:16:59 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 24 Oct 2019 21:16:59 +0200 (CEST) Subject: SUSE-SU-2019:2778-1: moderate: Security update for accountsservice Message-ID: <20191024191659.61B7FF798@maintenance.suse.de> SUSE Security Update: Security update for accountsservice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2778-1 Rating: moderate References: #1099699 #1139487 Cross-References: CVE-2018-14036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for accountsservice fixes the following issues: Security issue fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699). Non-security issue fixed: - Improved wtmp io performance (bsc#1139487). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2778=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2778=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2778=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2778=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2778=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2778=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 accountsservice-devel-0.6.42-16.8.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 accountsservice-devel-0.6.42-16.8.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): accountsservice-0.6.42-16.8.3 accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 libaccountsservice0-0.6.42-16.8.3 libaccountsservice0-debuginfo-0.6.42-16.8.3 typelib-1_0-AccountsService-1_0-0.6.42-16.8.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): accountsservice-lang-0.6.42-16.8.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): accountsservice-0.6.42-16.8.3 accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 libaccountsservice0-0.6.42-16.8.3 libaccountsservice0-debuginfo-0.6.42-16.8.3 typelib-1_0-AccountsService-1_0-0.6.42-16.8.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): accountsservice-lang-0.6.42-16.8.3 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): accountsservice-lang-0.6.42-16.8.3 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): accountsservice-0.6.42-16.8.3 accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 libaccountsservice0-0.6.42-16.8.3 libaccountsservice0-debuginfo-0.6.42-16.8.3 typelib-1_0-AccountsService-1_0-0.6.42-16.8.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): accountsservice-lang-0.6.42-16.8.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): accountsservice-0.6.42-16.8.3 accountsservice-debuginfo-0.6.42-16.8.3 accountsservice-debugsource-0.6.42-16.8.3 libaccountsservice0-0.6.42-16.8.3 libaccountsservice0-debuginfo-0.6.42-16.8.3 typelib-1_0-AccountsService-1_0-0.6.42-16.8.3 References: https://www.suse.com/security/cve/CVE-2018-14036.html https://bugzilla.suse.com/1099699 https://bugzilla.suse.com/1139487 From sle-security-updates at lists.suse.com Fri Oct 25 10:16:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:16:47 +0200 (CEST) Subject: SUSE-SU-2019:2782-1: moderate: Security update for nfs-utils Message-ID: <20191025161647.7E451F798@maintenance.suse.de> SUSE Security Update: Security update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2782-1 Rating: moderate References: #1150733 Cross-References: CVE-2019-3689 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2782=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.4.1 nfs-client-debuginfo-2.1.1-10.4.1 nfs-doc-2.1.1-10.4.1 nfs-kernel-server-2.1.1-10.4.1 nfs-kernel-server-debuginfo-2.1.1-10.4.1 nfs-utils-debuginfo-2.1.1-10.4.1 nfs-utils-debugsource-2.1.1-10.4.1 References: https://www.suse.com/security/cve/CVE-2019-3689.html https://bugzilla.suse.com/1150733 From sle-security-updates at lists.suse.com Fri Oct 25 10:17:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:17:38 +0200 (CEST) Subject: SUSE-SU-2019:14201-1: important: Security update for xen Message-ID: <20191025161738.BC071F798@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14201-1 Rating: important References: #1047675 #1126140 #1126141 #1126192 #1126195 #1126196 #1130680 #1135905 #1143797 #1145652 #1146874 #1149813 Cross-References: CVE-2017-10806 CVE-2018-20815 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). - CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652). - CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905). - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - CVE-2017-10806: Fixed a stack buffer overflow in debug logging (bsc#1047675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-14201=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-14201=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.33.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.33.1 xen-libs-4.2.5_21-45.33.1 xen-tools-domU-4.2.5_21-45.33.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-45.33.1 xen-debugsource-4.2.5_21-45.33.1 References: https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2018-20815.html https://www.suse.com/security/cve/CVE-2019-12067.html https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://bugzilla.suse.com/1047675 https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1130680 https://bugzilla.suse.com/1135905 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1145652 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 From sle-security-updates at lists.suse.com Fri Oct 25 10:19:51 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:19:51 +0200 (CEST) Subject: SUSE-SU-2019:2783-1: important: Security update for xen Message-ID: <20191025161951.10D8EF798@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2783-1 Rating: important References: #1126140 #1126141 #1126192 #1126195 #1126196 #1126198 #1126201 #1127400 #1143797 #1146874 #1149813 Cross-References: CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2783=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2783=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2783=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2783=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2783=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_06-43.54.2 xen-debugsource-4.7.6_06-43.54.2 xen-doc-html-4.7.6_06-43.54.2 xen-libs-32bit-4.7.6_06-43.54.2 xen-libs-4.7.6_06-43.54.2 xen-libs-debuginfo-32bit-4.7.6_06-43.54.2 xen-libs-debuginfo-4.7.6_06-43.54.2 xen-tools-4.7.6_06-43.54.2 xen-tools-debuginfo-4.7.6_06-43.54.2 xen-tools-domU-4.7.6_06-43.54.2 xen-tools-domU-debuginfo-4.7.6_06-43.54.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_06-43.54.2 xen-debugsource-4.7.6_06-43.54.2 xen-doc-html-4.7.6_06-43.54.2 xen-libs-32bit-4.7.6_06-43.54.2 xen-libs-4.7.6_06-43.54.2 xen-libs-debuginfo-32bit-4.7.6_06-43.54.2 xen-libs-debuginfo-4.7.6_06-43.54.2 xen-tools-4.7.6_06-43.54.2 xen-tools-debuginfo-4.7.6_06-43.54.2 xen-tools-domU-4.7.6_06-43.54.2 xen-tools-domU-debuginfo-4.7.6_06-43.54.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_06-43.54.2 xen-debugsource-4.7.6_06-43.54.2 xen-doc-html-4.7.6_06-43.54.2 xen-libs-32bit-4.7.6_06-43.54.2 xen-libs-4.7.6_06-43.54.2 xen-libs-debuginfo-32bit-4.7.6_06-43.54.2 xen-libs-debuginfo-4.7.6_06-43.54.2 xen-tools-4.7.6_06-43.54.2 xen-tools-debuginfo-4.7.6_06-43.54.2 xen-tools-domU-4.7.6_06-43.54.2 xen-tools-domU-debuginfo-4.7.6_06-43.54.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_06-43.54.2 xen-debugsource-4.7.6_06-43.54.2 xen-doc-html-4.7.6_06-43.54.2 xen-libs-32bit-4.7.6_06-43.54.2 xen-libs-4.7.6_06-43.54.2 xen-libs-debuginfo-32bit-4.7.6_06-43.54.2 xen-libs-debuginfo-4.7.6_06-43.54.2 xen-tools-4.7.6_06-43.54.2 xen-tools-debuginfo-4.7.6_06-43.54.2 xen-tools-domU-4.7.6_06-43.54.2 xen-tools-domU-debuginfo-4.7.6_06-43.54.2 - SUSE Enterprise Storage 4 (x86_64): xen-4.7.6_06-43.54.2 xen-debugsource-4.7.6_06-43.54.2 xen-doc-html-4.7.6_06-43.54.2 xen-libs-32bit-4.7.6_06-43.54.2 xen-libs-4.7.6_06-43.54.2 xen-libs-debuginfo-32bit-4.7.6_06-43.54.2 xen-libs-debuginfo-4.7.6_06-43.54.2 xen-tools-4.7.6_06-43.54.2 xen-tools-debuginfo-4.7.6_06-43.54.2 xen-tools-domU-4.7.6_06-43.54.2 xen-tools-domU-debuginfo-4.7.6_06-43.54.2 References: https://www.suse.com/security/cve/CVE-2019-12068.html https://www.suse.com/security/cve/CVE-2019-14378.html https://www.suse.com/security/cve/CVE-2019-15890.html https://www.suse.com/security/cve/CVE-2019-17340.html https://www.suse.com/security/cve/CVE-2019-17341.html https://www.suse.com/security/cve/CVE-2019-17342.html https://www.suse.com/security/cve/CVE-2019-17343.html https://www.suse.com/security/cve/CVE-2019-17344.html https://www.suse.com/security/cve/CVE-2019-17346.html https://www.suse.com/security/cve/CVE-2019-17347.html https://www.suse.com/security/cve/CVE-2019-17348.html https://bugzilla.suse.com/1126140 https://bugzilla.suse.com/1126141 https://bugzilla.suse.com/1126192 https://bugzilla.suse.com/1126195 https://bugzilla.suse.com/1126196 https://bugzilla.suse.com/1126198 https://bugzilla.suse.com/1126201 https://bugzilla.suse.com/1127400 https://bugzilla.suse.com/1143797 https://bugzilla.suse.com/1146874 https://bugzilla.suse.com/1149813 From sle-security-updates at lists.suse.com Fri Oct 25 10:21:59 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:21:59 +0200 (CEST) Subject: SUSE-SU-2019:2785-1: moderate: Security update for ImageMagick Message-ID: <20191025162159.03835F798@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2785-1 Rating: moderate References: #1146068 #1146211 #1146212 #1146213 #1151781 #1151782 #1151783 #1151784 #1151785 #1151786 Cross-References: CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2785=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2785=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2785=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2785=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.131.1 ImageMagick-config-6-SUSE-6.8.8.1-71.131.1 ImageMagick-config-6-upstream-6.8.8.1-71.131.1 ImageMagick-debuginfo-6.8.8.1-71.131.1 ImageMagick-debugsource-6.8.8.1-71.131.1 libMagick++-6_Q16-3-6.8.8.1-71.131.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.131.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.131.1 ImageMagick-debuginfo-6.8.8.1-71.131.1 ImageMagick-debugsource-6.8.8.1-71.131.1 ImageMagick-devel-6.8.8.1-71.131.1 libMagick++-6_Q16-3-6.8.8.1-71.131.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.131.1 libMagick++-devel-6.8.8.1-71.131.1 perl-PerlMagick-6.8.8.1-71.131.1 perl-PerlMagick-debuginfo-6.8.8.1-71.131.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.131.1 ImageMagick-config-6-upstream-6.8.8.1-71.131.1 ImageMagick-debuginfo-6.8.8.1-71.131.1 ImageMagick-debugsource-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.131.1 libMagickWand-6_Q16-1-6.8.8.1-71.131.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.131.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ImageMagick-6.8.8.1-71.131.1 ImageMagick-config-6-SUSE-6.8.8.1-71.131.1 ImageMagick-config-6-upstream-6.8.8.1-71.131.1 ImageMagick-debuginfo-6.8.8.1-71.131.1 ImageMagick-debugsource-6.8.8.1-71.131.1 libMagick++-6_Q16-3-6.8.8.1-71.131.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.131.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.131.1 libMagickWand-6_Q16-1-6.8.8.1-71.131.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.131.1 References: https://www.suse.com/security/cve/CVE-2019-14980.html https://www.suse.com/security/cve/CVE-2019-15139.html https://www.suse.com/security/cve/CVE-2019-15140.html https://www.suse.com/security/cve/CVE-2019-15141.html https://www.suse.com/security/cve/CVE-2019-16708.html https://www.suse.com/security/cve/CVE-2019-16709.html https://www.suse.com/security/cve/CVE-2019-16710.html https://www.suse.com/security/cve/CVE-2019-16711.html https://www.suse.com/security/cve/CVE-2019-16712.html https://www.suse.com/security/cve/CVE-2019-16713.html https://bugzilla.suse.com/1146068 https://bugzilla.suse.com/1146211 https://bugzilla.suse.com/1146212 https://bugzilla.suse.com/1146213 https://bugzilla.suse.com/1151781 https://bugzilla.suse.com/1151782 https://bugzilla.suse.com/1151783 https://bugzilla.suse.com/1151784 https://bugzilla.suse.com/1151785 https://bugzilla.suse.com/1151786 From sle-security-updates at lists.suse.com Fri Oct 25 10:13:08 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:13:08 +0200 (CEST) Subject: SUSE-SU-2019:2780-1: moderate: Security update for binutils Message-ID: <20191025161308.31FAEF7BE@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2780-1 Rating: moderate References: #1109412 #1109413 #1109414 #1111996 #1112534 #1112535 #1113247 #1113252 #1113255 #1116827 #1118644 #1118830 #1118831 #1120640 #1121034 #1121035 #1121056 #1133131 #1133232 #1141913 #1142772 #1152590 #1154016 #1154025 Cross-References: CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 28 vulnerabilities is now available. Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2780=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2780=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2780=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2780=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-6.8.1 binutils-debugsource-2.32-6.8.1 binutils-gold-2.32-6.8.1 binutils-gold-debuginfo-2.32-6.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.32-6.8.1 binutils-debugsource-2.32-6.8.1 binutils-gold-2.32-6.8.1 binutils-gold-debuginfo-2.32-6.8.1 cross-arm-binutils-2.32-6.8.1 cross-arm-binutils-debuginfo-2.32-6.8.1 cross-arm-binutils-debugsource-2.32-6.8.1 cross-avr-binutils-2.32-6.8.1 cross-avr-binutils-debuginfo-2.32-6.8.1 cross-avr-binutils-debugsource-2.32-6.8.1 cross-epiphany-binutils-2.32-6.8.1 cross-epiphany-binutils-debuginfo-2.32-6.8.1 cross-epiphany-binutils-debugsource-2.32-6.8.1 cross-hppa-binutils-2.32-6.8.1 cross-hppa-binutils-debuginfo-2.32-6.8.1 cross-hppa-binutils-debugsource-2.32-6.8.1 cross-hppa64-binutils-2.32-6.8.1 cross-hppa64-binutils-debuginfo-2.32-6.8.1 cross-hppa64-binutils-debugsource-2.32-6.8.1 cross-i386-binutils-2.32-6.8.1 cross-i386-binutils-debuginfo-2.32-6.8.1 cross-i386-binutils-debugsource-2.32-6.8.1 cross-ia64-binutils-2.32-6.8.1 cross-ia64-binutils-debuginfo-2.32-6.8.1 cross-ia64-binutils-debugsource-2.32-6.8.1 cross-m68k-binutils-2.32-6.8.1 cross-m68k-binutils-debuginfo-2.32-6.8.1 cross-m68k-binutils-debugsource-2.32-6.8.1 cross-mips-binutils-2.32-6.8.1 cross-mips-binutils-debuginfo-2.32-6.8.1 cross-mips-binutils-debugsource-2.32-6.8.1 cross-ppc-binutils-2.32-6.8.1 cross-ppc-binutils-debuginfo-2.32-6.8.1 cross-ppc-binutils-debugsource-2.32-6.8.1 cross-ppc64-binutils-2.32-6.8.1 cross-ppc64-binutils-debuginfo-2.32-6.8.1 cross-ppc64-binutils-debugsource-2.32-6.8.1 cross-riscv64-binutils-2.32-6.8.1 cross-riscv64-binutils-debuginfo-2.32-6.8.1 cross-riscv64-binutils-debugsource-2.32-6.8.1 cross-rx-binutils-2.32-6.8.1 cross-rx-binutils-debuginfo-2.32-6.8.1 cross-rx-binutils-debugsource-2.32-6.8.1 cross-s390-binutils-2.32-6.8.1 cross-s390-binutils-debuginfo-2.32-6.8.1 cross-s390-binutils-debugsource-2.32-6.8.1 cross-sparc-binutils-2.32-6.8.1 cross-sparc-binutils-debuginfo-2.32-6.8.1 cross-sparc-binutils-debugsource-2.32-6.8.1 cross-sparc64-binutils-2.32-6.8.1 cross-sparc64-binutils-debuginfo-2.32-6.8.1 cross-sparc64-binutils-debugsource-2.32-6.8.1 cross-spu-binutils-2.32-6.8.1 cross-spu-binutils-debuginfo-2.32-6.8.1 cross-spu-binutils-debugsource-2.32-6.8.1 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): binutils-debugsource-2.32-6.8.1 binutils-devel-32bit-2.32-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): binutils-2.32-6.8.1 binutils-debuginfo-2.32-6.8.1 binutils-debugsource-2.32-6.8.1 binutils-devel-2.32-6.8.1 References: https://www.suse.com/security/cve/CVE-2018-1000876.html https://www.suse.com/security/cve/CVE-2018-17358.html https://www.suse.com/security/cve/CVE-2018-17359.html https://www.suse.com/security/cve/CVE-2018-17360.html https://www.suse.com/security/cve/CVE-2018-17985.html https://www.suse.com/security/cve/CVE-2018-18309.html https://www.suse.com/security/cve/CVE-2018-18483.html https://www.suse.com/security/cve/CVE-2018-18484.html https://www.suse.com/security/cve/CVE-2018-18605.html https://www.suse.com/security/cve/CVE-2018-18606.html https://www.suse.com/security/cve/CVE-2018-18607.html https://www.suse.com/security/cve/CVE-2018-19931.html https://www.suse.com/security/cve/CVE-2018-19932.html https://www.suse.com/security/cve/CVE-2018-20623.html https://www.suse.com/security/cve/CVE-2018-20651.html https://www.suse.com/security/cve/CVE-2018-20671.html https://www.suse.com/security/cve/CVE-2018-6323.html https://www.suse.com/security/cve/CVE-2018-6543.html https://www.suse.com/security/cve/CVE-2018-6759.html https://www.suse.com/security/cve/CVE-2018-6872.html https://www.suse.com/security/cve/CVE-2018-7208.html https://www.suse.com/security/cve/CVE-2018-7568.html https://www.suse.com/security/cve/CVE-2018-7569.html https://www.suse.com/security/cve/CVE-2018-7570.html https://www.suse.com/security/cve/CVE-2018-7642.html https://www.suse.com/security/cve/CVE-2018-7643.html https://www.suse.com/security/cve/CVE-2018-8945.html https://www.suse.com/security/cve/CVE-2019-1010180.html https://bugzilla.suse.com/1109412 https://bugzilla.suse.com/1109413 https://bugzilla.suse.com/1109414 https://bugzilla.suse.com/1111996 https://bugzilla.suse.com/1112534 https://bugzilla.suse.com/1112535 https://bugzilla.suse.com/1113247 https://bugzilla.suse.com/1113252 https://bugzilla.suse.com/1113255 https://bugzilla.suse.com/1116827 https://bugzilla.suse.com/1118644 https://bugzilla.suse.com/1118830 https://bugzilla.suse.com/1118831 https://bugzilla.suse.com/1120640 https://bugzilla.suse.com/1121034 https://bugzilla.suse.com/1121035 https://bugzilla.suse.com/1121056 https://bugzilla.suse.com/1133131 https://bugzilla.suse.com/1133232 https://bugzilla.suse.com/1141913 https://bugzilla.suse.com/1142772 https://bugzilla.suse.com/1152590 https://bugzilla.suse.com/1154016 https://bugzilla.suse.com/1154025 From sle-security-updates at lists.suse.com Fri Oct 25 10:24:00 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 18:24:00 +0200 (CEST) Subject: SUSE-SU-2019:2781-1: moderate: Security update for nfs-utils Message-ID: <20191025162400.990B2F798@maintenance.suse.de> SUSE Security Update: Security update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2781-1 Rating: moderate References: #1150733 Cross-References: CVE-2019-3689 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2781=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2781=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2781=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2781=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2781=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2781=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2781=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2781=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2781=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2781=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2781=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2781=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2781=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2781=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2781=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2781=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE OpenStack Cloud 8 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE OpenStack Cloud 7 (s390x x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE Enterprise Storage 4 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - SUSE CaaS Platform 3.0 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 - HPE Helion Openstack 8 (x86_64): nfs-client-1.3.0-34.22.1 nfs-client-debuginfo-1.3.0-34.22.1 nfs-doc-1.3.0-34.22.1 nfs-kernel-server-1.3.0-34.22.1 nfs-kernel-server-debuginfo-1.3.0-34.22.1 nfs-utils-debugsource-1.3.0-34.22.1 References: https://www.suse.com/security/cve/CVE-2019-3689.html https://bugzilla.suse.com/1150733 From sle-security-updates at lists.suse.com Fri Oct 25 13:11:45 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 21:11:45 +0200 (CEST) Subject: SUSE-SU-2019:2787-1: moderate: Security update for docker-runc Message-ID: <20191025191145.5657AF798@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2787-1 Rating: moderate References: #1152308 Cross-References: CVE-2019-16884 Affected Products: SUSE Linux Enterprise Module for Containers 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-2787=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-runc-1.0.0rc8+gitr3826_425e105d5a03-1.32.1 - SUSE CaaS Platform 3.0 (x86_64): docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-1.32.1 docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-1.32.1 References: https://www.suse.com/security/cve/CVE-2019-16884.html https://bugzilla.suse.com/1152308 From sle-security-updates at lists.suse.com Fri Oct 25 13:12:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Oct 2019 21:12:31 +0200 (CEST) Subject: SUSE-SU-2019:2786-1: moderate: Security update for docker-runc Message-ID: <20191025191231.26803F798@maintenance.suse.de> SUSE Security Update: Security update for docker-runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2786-1 Rating: moderate References: #1152308 Cross-References: CVE-2019-16884 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Containers 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2786=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2786=1 - SUSE Linux Enterprise Module for Containers 15: zypper in -t patch SUSE-SLE-Module-Containers-15-2019-2786=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 - SUSE Linux Enterprise Module for Containers 15 (ppc64le s390x x86_64): docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1 References: https://www.suse.com/security/cve/CVE-2019-16884.html https://bugzilla.suse.com/1152308 From sle-security-updates at lists.suse.com Mon Oct 28 14:14:37 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 28 Oct 2019 21:14:37 +0100 (CET) Subject: SUSE-SU-2019:2798-1: moderate: Security update for python3 Message-ID: <20191028201437.7DF6FF798@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2798-1 Rating: moderate References: #1141853 #1149955 Cross-References: CVE-2018-20852 CVE-2019-16056 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2798=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2798=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2798=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2798=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2798=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2798=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-dbm-3.4.6-25.34.2 python3-dbm-debuginfo-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 python3-devel-3.4.6-25.34.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.34.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-dbm-3.4.6-25.34.2 python3-dbm-debuginfo-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 python3-devel-3.4.6-25.34.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.6-25.34.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.34.2 libpython3_4m1_0-debuginfo-3.4.6-25.34.2 python3-3.4.6-25.34.2 python3-base-3.4.6-25.34.2 python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-curses-3.4.6-25.34.2 python3-curses-debuginfo-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 python3-tk-3.4.6-25.34.2 python3-tk-debuginfo-3.4.6-25.34.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.6-25.34.2 libpython3_4m1_0-debuginfo-32bit-3.4.6-25.34.2 python3-base-debuginfo-32bit-3.4.6-25.34.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.34.2 libpython3_4m1_0-debuginfo-3.4.6-25.34.2 python3-3.4.6-25.34.2 python3-base-3.4.6-25.34.2 python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-curses-3.4.6-25.34.2 python3-curses-debuginfo-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.6-25.34.2 libpython3_4m1_0-debuginfo-3.4.6-25.34.2 python3-3.4.6-25.34.2 python3-base-3.4.6-25.34.2 python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libpython3_4m1_0-3.4.6-25.34.2 libpython3_4m1_0-debuginfo-3.4.6-25.34.2 python3-3.4.6-25.34.2 python3-base-3.4.6-25.34.2 python3-base-debuginfo-3.4.6-25.34.2 python3-base-debugsource-3.4.6-25.34.2 python3-curses-3.4.6-25.34.2 python3-curses-debuginfo-3.4.6-25.34.2 python3-debuginfo-3.4.6-25.34.2 python3-debugsource-3.4.6-25.34.2 References: https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-16056.html https://bugzilla.suse.com/1141853 https://bugzilla.suse.com/1149955 From sle-security-updates at lists.suse.com Tue Oct 29 08:14:24 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 15:14:24 +0100 (CET) Subject: SUSE-SU-2019:2802-1: moderate: Security update for python3 Message-ID: <20191029141424.76902F798@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2802-1 Rating: moderate References: #1149121 #1149792 #1149955 #1151490 #1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2802=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2802=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2802=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2802=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2802=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2802=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-testsuite-3.6.9-3.39.1 python3-testsuite-debuginfo-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python3-doc-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libpython3_6m1_0-32bit-3.6.9-3.39.1 libpython3_6m1_0-32bit-debuginfo-3.6.9-3.39.1 python3-32bit-3.6.9-3.39.1 python3-32bit-debuginfo-3.6.9-3.39.1 python3-base-32bit-3.6.9-3.39.1 python3-base-32bit-debuginfo-3.6.9-3.39.1 python3-debugsource-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-testsuite-3.6.9-3.39.1 python3-testsuite-debuginfo-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libpython3_6m1_0-32bit-3.6.9-3.39.1 python3-32bit-3.6.9-3.39.1 python3-base-32bit-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-tools-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-tools-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.9-3.39.1 libpython3_6m1_0-debuginfo-3.6.9-3.39.1 python3-3.6.9-3.39.1 python3-base-3.6.9-3.39.1 python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-curses-3.6.9-3.39.1 python3-curses-debuginfo-3.6.9-3.39.1 python3-dbm-3.6.9-3.39.1 python3-dbm-debuginfo-3.6.9-3.39.1 python3-debuginfo-3.6.9-3.39.1 python3-debugsource-3.6.9-3.39.1 python3-devel-3.6.9-3.39.1 python3-devel-debuginfo-3.6.9-3.39.1 python3-idle-3.6.9-3.39.1 python3-tk-3.6.9-3.39.1 python3-tk-debuginfo-3.6.9-3.39.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.9-3.39.1 libpython3_6m1_0-debuginfo-3.6.9-3.39.1 python3-3.6.9-3.39.1 python3-base-3.6.9-3.39.1 python3-base-debuginfo-3.6.9-3.39.1 python3-base-debugsource-3.6.9-3.39.1 python3-curses-3.6.9-3.39.1 python3-curses-debuginfo-3.6.9-3.39.1 python3-dbm-3.6.9-3.39.1 python3-dbm-debuginfo-3.6.9-3.39.1 python3-debuginfo-3.6.9-3.39.1 python3-debugsource-3.6.9-3.39.1 python3-devel-3.6.9-3.39.1 python3-devel-debuginfo-3.6.9-3.39.1 python3-idle-3.6.9-3.39.1 python3-tk-3.6.9-3.39.1 python3-tk-debuginfo-3.6.9-3.39.1 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://bugzilla.suse.com/1149121 https://bugzilla.suse.com/1149792 https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1151490 https://bugzilla.suse.com/1153238 From sle-security-updates at lists.suse.com Tue Oct 29 08:17:07 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 15:17:07 +0100 (CET) Subject: SUSE-SU-2019:2803-1: moderate: Security update for graphite-web Message-ID: <20191029141707.07529F798@maintenance.suse.de> SUSE Security Update: Security update for graphite-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2803-1 Rating: moderate References: #1154007 Cross-References: CVE-2017-18638 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphite-web fixes the following issues: - CVE-2017-18638: Fixed an SSRF vulnerability in send_email (bsc#1154007). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2803=1 Package List: - SUSE Enterprise Storage 4 (noarch): graphite-web-0.9.12-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-18638.html https://bugzilla.suse.com/1154007 From sle-security-updates at lists.suse.com Tue Oct 29 08:19:21 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 15:19:21 +0100 (CET) Subject: SUSE-SU-2019:14202-1: important: Security update for samba Message-ID: <20191029141921.6D45AF798@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14202-1 Rating: important References: #1144902 Cross-References: CVE-2019-10218 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14202=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14202=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14202=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14202=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.23.1 libldb1-3.6.3-94.23.1 libsmbclient0-3.6.3-94.23.1 libtalloc2-3.6.3-94.23.1 libtdb1-3.6.3-94.23.1 libtevent0-3.6.3-94.23.1 libwbclient0-3.6.3-94.23.1 samba-3.6.3-94.23.1 samba-client-3.6.3-94.23.1 samba-krb-printing-3.6.3-94.23.1 samba-winbind-3.6.3-94.23.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.23.1 libtalloc2-32bit-3.6.3-94.23.1 libtdb1-32bit-3.6.3-94.23.1 libtevent0-32bit-3.6.3-94.23.1 libwbclient0-32bit-3.6.3-94.23.1 samba-32bit-3.6.3-94.23.1 samba-client-32bit-3.6.3-94.23.1 samba-winbind-32bit-3.6.3-94.23.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.23.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.23.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.23.1 libldb1-3.6.3-94.23.1 libsmbclient0-3.6.3-94.23.1 libtalloc2-3.6.3-94.23.1 libtdb1-3.6.3-94.23.1 libtevent0-3.6.3-94.23.1 libwbclient0-3.6.3-94.23.1 samba-3.6.3-94.23.1 samba-client-3.6.3-94.23.1 samba-krb-printing-3.6.3-94.23.1 samba-winbind-3.6.3-94.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.23.1 samba-debugsource-3.6.3-94.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.23.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.23.1 samba-debugsource-3.6.3-94.23.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.23.1 References: https://www.suse.com/security/cve/CVE-2019-10218.html https://bugzilla.suse.com/1144902 From sle-security-updates at lists.suse.com Tue Oct 29 11:23:00 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 18:23:00 +0100 (CET) Subject: SUSE-SU-2019:2808-1: moderate: Security update for libtomcrypt Message-ID: <20191029172300.B7F46F798@maintenance.suse.de> SUSE Security Update: Security update for libtomcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2808-1 Rating: moderate References: #1153433 Cross-References: CVE-2019-17362 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtomcrypt fixes the following issue: CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2808=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2808=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libtomcrypt-debugsource-1.17-3.3.1 libtomcrypt-devel-1.17-3.3.1 libtomcrypt-examples-1.17-3.3.1 libtomcrypt0-1.17-3.3.1 libtomcrypt0-debuginfo-1.17-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libtomcrypt-debugsource-1.17-3.3.1 libtomcrypt-devel-1.17-3.3.1 libtomcrypt-examples-1.17-3.3.1 libtomcrypt0-1.17-3.3.1 libtomcrypt0-debuginfo-1.17-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-17362.html https://bugzilla.suse.com/1153433 From sle-security-updates at lists.suse.com Tue Oct 29 11:24:38 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 18:24:38 +0100 (CET) Subject: SUSE-SU-2019:2810-1: moderate: Security update for runc Message-ID: <20191029172438.75B5EF798@maintenance.suse.de> SUSE Security Update: Security update for runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2810-1 Rating: moderate References: #1131314 #1131553 #1152308 Cross-References: CVE-2019-16884 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Non-security issues fixed: - Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2810=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2810=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): runc-test-1.0.0~rc8-1.6.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): runc-1.0.0~rc8-1.6.1 runc-debuginfo-1.0.0~rc8-1.6.1 References: https://www.suse.com/security/cve/CVE-2019-16884.html https://bugzilla.suse.com/1131314 https://bugzilla.suse.com/1131553 https://bugzilla.suse.com/1152308 From sle-security-updates at lists.suse.com Tue Oct 29 11:14:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Oct 2019 18:14:09 +0100 (CET) Subject: SUSE-SU-2019:2809-1: important: Security update for php7 Message-ID: <20191029171409.DC24EF798@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2809-1 Rating: important References: #1154999 Cross-References: CVE-2019-11043 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2809=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2809=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2809=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.88.1 php7-debugsource-7.0.7-50.88.1 php7-devel-7.0.7-50.88.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.88.1 php7-debugsource-7.0.7-50.88.1 php7-devel-7.0.7-50.88.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.88.1 apache2-mod_php7-debuginfo-7.0.7-50.88.1 php7-7.0.7-50.88.1 php7-bcmath-7.0.7-50.88.1 php7-bcmath-debuginfo-7.0.7-50.88.1 php7-bz2-7.0.7-50.88.1 php7-bz2-debuginfo-7.0.7-50.88.1 php7-calendar-7.0.7-50.88.1 php7-calendar-debuginfo-7.0.7-50.88.1 php7-ctype-7.0.7-50.88.1 php7-ctype-debuginfo-7.0.7-50.88.1 php7-curl-7.0.7-50.88.1 php7-curl-debuginfo-7.0.7-50.88.1 php7-dba-7.0.7-50.88.1 php7-dba-debuginfo-7.0.7-50.88.1 php7-debuginfo-7.0.7-50.88.1 php7-debugsource-7.0.7-50.88.1 php7-dom-7.0.7-50.88.1 php7-dom-debuginfo-7.0.7-50.88.1 php7-enchant-7.0.7-50.88.1 php7-enchant-debuginfo-7.0.7-50.88.1 php7-exif-7.0.7-50.88.1 php7-exif-debuginfo-7.0.7-50.88.1 php7-fastcgi-7.0.7-50.88.1 php7-fastcgi-debuginfo-7.0.7-50.88.1 php7-fileinfo-7.0.7-50.88.1 php7-fileinfo-debuginfo-7.0.7-50.88.1 php7-fpm-7.0.7-50.88.1 php7-fpm-debuginfo-7.0.7-50.88.1 php7-ftp-7.0.7-50.88.1 php7-ftp-debuginfo-7.0.7-50.88.1 php7-gd-7.0.7-50.88.1 php7-gd-debuginfo-7.0.7-50.88.1 php7-gettext-7.0.7-50.88.1 php7-gettext-debuginfo-7.0.7-50.88.1 php7-gmp-7.0.7-50.88.1 php7-gmp-debuginfo-7.0.7-50.88.1 php7-iconv-7.0.7-50.88.1 php7-iconv-debuginfo-7.0.7-50.88.1 php7-imap-7.0.7-50.88.1 php7-imap-debuginfo-7.0.7-50.88.1 php7-intl-7.0.7-50.88.1 php7-intl-debuginfo-7.0.7-50.88.1 php7-json-7.0.7-50.88.1 php7-json-debuginfo-7.0.7-50.88.1 php7-ldap-7.0.7-50.88.1 php7-ldap-debuginfo-7.0.7-50.88.1 php7-mbstring-7.0.7-50.88.1 php7-mbstring-debuginfo-7.0.7-50.88.1 php7-mcrypt-7.0.7-50.88.1 php7-mcrypt-debuginfo-7.0.7-50.88.1 php7-mysql-7.0.7-50.88.1 php7-mysql-debuginfo-7.0.7-50.88.1 php7-odbc-7.0.7-50.88.1 php7-odbc-debuginfo-7.0.7-50.88.1 php7-opcache-7.0.7-50.88.1 php7-opcache-debuginfo-7.0.7-50.88.1 php7-openssl-7.0.7-50.88.1 php7-openssl-debuginfo-7.0.7-50.88.1 php7-pcntl-7.0.7-50.88.1 php7-pcntl-debuginfo-7.0.7-50.88.1 php7-pdo-7.0.7-50.88.1 php7-pdo-debuginfo-7.0.7-50.88.1 php7-pgsql-7.0.7-50.88.1 php7-pgsql-debuginfo-7.0.7-50.88.1 php7-phar-7.0.7-50.88.1 php7-phar-debuginfo-7.0.7-50.88.1 php7-posix-7.0.7-50.88.1 php7-posix-debuginfo-7.0.7-50.88.1 php7-pspell-7.0.7-50.88.1 php7-pspell-debuginfo-7.0.7-50.88.1 php7-shmop-7.0.7-50.88.1 php7-shmop-debuginfo-7.0.7-50.88.1 php7-snmp-7.0.7-50.88.1 php7-snmp-debuginfo-7.0.7-50.88.1 php7-soap-7.0.7-50.88.1 php7-soap-debuginfo-7.0.7-50.88.1 php7-sockets-7.0.7-50.88.1 php7-sockets-debuginfo-7.0.7-50.88.1 php7-sqlite-7.0.7-50.88.1 php7-sqlite-debuginfo-7.0.7-50.88.1 php7-sysvmsg-7.0.7-50.88.1 php7-sysvmsg-debuginfo-7.0.7-50.88.1 php7-sysvsem-7.0.7-50.88.1 php7-sysvsem-debuginfo-7.0.7-50.88.1 php7-sysvshm-7.0.7-50.88.1 php7-sysvshm-debuginfo-7.0.7-50.88.1 php7-tokenizer-7.0.7-50.88.1 php7-tokenizer-debuginfo-7.0.7-50.88.1 php7-wddx-7.0.7-50.88.1 php7-wddx-debuginfo-7.0.7-50.88.1 php7-xmlreader-7.0.7-50.88.1 php7-xmlreader-debuginfo-7.0.7-50.88.1 php7-xmlrpc-7.0.7-50.88.1 php7-xmlrpc-debuginfo-7.0.7-50.88.1 php7-xmlwriter-7.0.7-50.88.1 php7-xmlwriter-debuginfo-7.0.7-50.88.1 php7-xsl-7.0.7-50.88.1 php7-xsl-debuginfo-7.0.7-50.88.1 php7-zip-7.0.7-50.88.1 php7-zip-debuginfo-7.0.7-50.88.1 php7-zlib-7.0.7-50.88.1 php7-zlib-debuginfo-7.0.7-50.88.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.88.1 php7-pear-Archive_Tar-7.0.7-50.88.1 References: https://www.suse.com/security/cve/CVE-2019-11043.html https://bugzilla.suse.com/1154999 From sle-security-updates at lists.suse.com Wed Oct 30 08:11:56 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 15:11:56 +0100 (CET) Subject: SUSE-SU-2019:2819-1: important: Security update for php7 Message-ID: <20191030141156.155AFF798@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2819-1 Rating: important References: #1154999 Cross-References: CVE-2019-11043 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2819=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2819=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2819=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2819=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2819=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.46.1 apache2-mod_php7-debuginfo-7.2.5-4.46.1 php7-7.2.5-4.46.1 php7-bcmath-7.2.5-4.46.1 php7-bcmath-debuginfo-7.2.5-4.46.1 php7-bz2-7.2.5-4.46.1 php7-bz2-debuginfo-7.2.5-4.46.1 php7-calendar-7.2.5-4.46.1 php7-calendar-debuginfo-7.2.5-4.46.1 php7-ctype-7.2.5-4.46.1 php7-ctype-debuginfo-7.2.5-4.46.1 php7-curl-7.2.5-4.46.1 php7-curl-debuginfo-7.2.5-4.46.1 php7-dba-7.2.5-4.46.1 php7-dba-debuginfo-7.2.5-4.46.1 php7-debuginfo-7.2.5-4.46.1 php7-debugsource-7.2.5-4.46.1 php7-devel-7.2.5-4.46.1 php7-dom-7.2.5-4.46.1 php7-dom-debuginfo-7.2.5-4.46.1 php7-enchant-7.2.5-4.46.1 php7-enchant-debuginfo-7.2.5-4.46.1 php7-exif-7.2.5-4.46.1 php7-exif-debuginfo-7.2.5-4.46.1 php7-fastcgi-7.2.5-4.46.1 php7-fastcgi-debuginfo-7.2.5-4.46.1 php7-fileinfo-7.2.5-4.46.1 php7-fileinfo-debuginfo-7.2.5-4.46.1 php7-fpm-7.2.5-4.46.1 php7-fpm-debuginfo-7.2.5-4.46.1 php7-ftp-7.2.5-4.46.1 php7-ftp-debuginfo-7.2.5-4.46.1 php7-gd-7.2.5-4.46.1 php7-gd-debuginfo-7.2.5-4.46.1 php7-gettext-7.2.5-4.46.1 php7-gettext-debuginfo-7.2.5-4.46.1 php7-gmp-7.2.5-4.46.1 php7-gmp-debuginfo-7.2.5-4.46.1 php7-iconv-7.2.5-4.46.1 php7-iconv-debuginfo-7.2.5-4.46.1 php7-intl-7.2.5-4.46.1 php7-intl-debuginfo-7.2.5-4.46.1 php7-json-7.2.5-4.46.1 php7-json-debuginfo-7.2.5-4.46.1 php7-ldap-7.2.5-4.46.1 php7-ldap-debuginfo-7.2.5-4.46.1 php7-mbstring-7.2.5-4.46.1 php7-mbstring-debuginfo-7.2.5-4.46.1 php7-mysql-7.2.5-4.46.1 php7-mysql-debuginfo-7.2.5-4.46.1 php7-odbc-7.2.5-4.46.1 php7-odbc-debuginfo-7.2.5-4.46.1 php7-opcache-7.2.5-4.46.1 php7-opcache-debuginfo-7.2.5-4.46.1 php7-openssl-7.2.5-4.46.1 php7-openssl-debuginfo-7.2.5-4.46.1 php7-pcntl-7.2.5-4.46.1 php7-pcntl-debuginfo-7.2.5-4.46.1 php7-pdo-7.2.5-4.46.1 php7-pdo-debuginfo-7.2.5-4.46.1 php7-pgsql-7.2.5-4.46.1 php7-pgsql-debuginfo-7.2.5-4.46.1 php7-phar-7.2.5-4.46.1 php7-phar-debuginfo-7.2.5-4.46.1 php7-posix-7.2.5-4.46.1 php7-posix-debuginfo-7.2.5-4.46.1 php7-shmop-7.2.5-4.46.1 php7-shmop-debuginfo-7.2.5-4.46.1 php7-snmp-7.2.5-4.46.1 php7-snmp-debuginfo-7.2.5-4.46.1 php7-soap-7.2.5-4.46.1 php7-soap-debuginfo-7.2.5-4.46.1 php7-sockets-7.2.5-4.46.1 php7-sockets-debuginfo-7.2.5-4.46.1 php7-sqlite-7.2.5-4.46.1 php7-sqlite-debuginfo-7.2.5-4.46.1 php7-sysvmsg-7.2.5-4.46.1 php7-sysvmsg-debuginfo-7.2.5-4.46.1 php7-sysvsem-7.2.5-4.46.1 php7-sysvsem-debuginfo-7.2.5-4.46.1 php7-sysvshm-7.2.5-4.46.1 php7-sysvshm-debuginfo-7.2.5-4.46.1 php7-tokenizer-7.2.5-4.46.1 php7-tokenizer-debuginfo-7.2.5-4.46.1 php7-wddx-7.2.5-4.46.1 php7-wddx-debuginfo-7.2.5-4.46.1 php7-xmlreader-7.2.5-4.46.1 php7-xmlreader-debuginfo-7.2.5-4.46.1 php7-xmlrpc-7.2.5-4.46.1 php7-xmlrpc-debuginfo-7.2.5-4.46.1 php7-xmlwriter-7.2.5-4.46.1 php7-xmlwriter-debuginfo-7.2.5-4.46.1 php7-xsl-7.2.5-4.46.1 php7-xsl-debuginfo-7.2.5-4.46.1 php7-zip-7.2.5-4.46.1 php7-zip-debuginfo-7.2.5-4.46.1 php7-zlib-7.2.5-4.46.1 php7-zlib-debuginfo-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.46.1 php7-pear-Archive_Tar-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.46.1 apache2-mod_php7-debuginfo-7.2.5-4.46.1 php7-7.2.5-4.46.1 php7-bcmath-7.2.5-4.46.1 php7-bcmath-debuginfo-7.2.5-4.46.1 php7-bz2-7.2.5-4.46.1 php7-bz2-debuginfo-7.2.5-4.46.1 php7-calendar-7.2.5-4.46.1 php7-calendar-debuginfo-7.2.5-4.46.1 php7-ctype-7.2.5-4.46.1 php7-ctype-debuginfo-7.2.5-4.46.1 php7-curl-7.2.5-4.46.1 php7-curl-debuginfo-7.2.5-4.46.1 php7-dba-7.2.5-4.46.1 php7-dba-debuginfo-7.2.5-4.46.1 php7-debuginfo-7.2.5-4.46.1 php7-debugsource-7.2.5-4.46.1 php7-devel-7.2.5-4.46.1 php7-dom-7.2.5-4.46.1 php7-dom-debuginfo-7.2.5-4.46.1 php7-enchant-7.2.5-4.46.1 php7-enchant-debuginfo-7.2.5-4.46.1 php7-exif-7.2.5-4.46.1 php7-exif-debuginfo-7.2.5-4.46.1 php7-fastcgi-7.2.5-4.46.1 php7-fastcgi-debuginfo-7.2.5-4.46.1 php7-fileinfo-7.2.5-4.46.1 php7-fileinfo-debuginfo-7.2.5-4.46.1 php7-fpm-7.2.5-4.46.1 php7-fpm-debuginfo-7.2.5-4.46.1 php7-ftp-7.2.5-4.46.1 php7-ftp-debuginfo-7.2.5-4.46.1 php7-gd-7.2.5-4.46.1 php7-gd-debuginfo-7.2.5-4.46.1 php7-gettext-7.2.5-4.46.1 php7-gettext-debuginfo-7.2.5-4.46.1 php7-gmp-7.2.5-4.46.1 php7-gmp-debuginfo-7.2.5-4.46.1 php7-iconv-7.2.5-4.46.1 php7-iconv-debuginfo-7.2.5-4.46.1 php7-intl-7.2.5-4.46.1 php7-intl-debuginfo-7.2.5-4.46.1 php7-json-7.2.5-4.46.1 php7-json-debuginfo-7.2.5-4.46.1 php7-ldap-7.2.5-4.46.1 php7-ldap-debuginfo-7.2.5-4.46.1 php7-mbstring-7.2.5-4.46.1 php7-mbstring-debuginfo-7.2.5-4.46.1 php7-mysql-7.2.5-4.46.1 php7-mysql-debuginfo-7.2.5-4.46.1 php7-odbc-7.2.5-4.46.1 php7-odbc-debuginfo-7.2.5-4.46.1 php7-opcache-7.2.5-4.46.1 php7-opcache-debuginfo-7.2.5-4.46.1 php7-openssl-7.2.5-4.46.1 php7-openssl-debuginfo-7.2.5-4.46.1 php7-pcntl-7.2.5-4.46.1 php7-pcntl-debuginfo-7.2.5-4.46.1 php7-pdo-7.2.5-4.46.1 php7-pdo-debuginfo-7.2.5-4.46.1 php7-pgsql-7.2.5-4.46.1 php7-pgsql-debuginfo-7.2.5-4.46.1 php7-phar-7.2.5-4.46.1 php7-phar-debuginfo-7.2.5-4.46.1 php7-posix-7.2.5-4.46.1 php7-posix-debuginfo-7.2.5-4.46.1 php7-shmop-7.2.5-4.46.1 php7-shmop-debuginfo-7.2.5-4.46.1 php7-snmp-7.2.5-4.46.1 php7-snmp-debuginfo-7.2.5-4.46.1 php7-soap-7.2.5-4.46.1 php7-soap-debuginfo-7.2.5-4.46.1 php7-sockets-7.2.5-4.46.1 php7-sockets-debuginfo-7.2.5-4.46.1 php7-sodium-7.2.5-4.46.1 php7-sodium-debuginfo-7.2.5-4.46.1 php7-sqlite-7.2.5-4.46.1 php7-sqlite-debuginfo-7.2.5-4.46.1 php7-sysvmsg-7.2.5-4.46.1 php7-sysvmsg-debuginfo-7.2.5-4.46.1 php7-sysvsem-7.2.5-4.46.1 php7-sysvsem-debuginfo-7.2.5-4.46.1 php7-sysvshm-7.2.5-4.46.1 php7-sysvshm-debuginfo-7.2.5-4.46.1 php7-tokenizer-7.2.5-4.46.1 php7-tokenizer-debuginfo-7.2.5-4.46.1 php7-wddx-7.2.5-4.46.1 php7-wddx-debuginfo-7.2.5-4.46.1 php7-xmlreader-7.2.5-4.46.1 php7-xmlreader-debuginfo-7.2.5-4.46.1 php7-xmlrpc-7.2.5-4.46.1 php7-xmlrpc-debuginfo-7.2.5-4.46.1 php7-xmlwriter-7.2.5-4.46.1 php7-xmlwriter-debuginfo-7.2.5-4.46.1 php7-xsl-7.2.5-4.46.1 php7-xsl-debuginfo-7.2.5-4.46.1 php7-zip-7.2.5-4.46.1 php7-zip-debuginfo-7.2.5-4.46.1 php7-zlib-7.2.5-4.46.1 php7-zlib-debuginfo-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): php7-pear-7.2.5-4.46.1 php7-pear-Archive_Tar-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.46.1 php7-debugsource-7.2.5-4.46.1 php7-embed-7.2.5-4.46.1 php7-embed-debuginfo-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.46.1 php7-debugsource-7.2.5-4.46.1 php7-embed-7.2.5-4.46.1 php7-embed-debuginfo-7.2.5-4.46.1 php7-readline-7.2.5-4.46.1 php7-readline-debuginfo-7.2.5-4.46.1 php7-sodium-7.2.5-4.46.1 php7-sodium-debuginfo-7.2.5-4.46.1 php7-tidy-7.2.5-4.46.1 php7-tidy-debuginfo-7.2.5-4.46.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.46.1 php7-debugsource-7.2.5-4.46.1 php7-embed-7.2.5-4.46.1 php7-embed-debuginfo-7.2.5-4.46.1 php7-readline-7.2.5-4.46.1 php7-readline-debuginfo-7.2.5-4.46.1 php7-sodium-7.2.5-4.46.1 php7-sodium-debuginfo-7.2.5-4.46.1 php7-tidy-7.2.5-4.46.1 php7-tidy-debuginfo-7.2.5-4.46.1 References: https://www.suse.com/security/cve/CVE-2019-11043.html https://bugzilla.suse.com/1154999 From sle-security-updates at lists.suse.com Wed Oct 30 08:12:39 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 15:12:39 +0100 (CET) Subject: SUSE-SU-2019:2821-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1) Message-ID: <20191030141239.2A786F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2821-1 Rating: important References: #1102682 #1103203 #1133191 #1136446 #1137597 #1140747 #1144903 #1151021 #1153108 #1153158 #1153161 #904970 #907150 #920615 #920633 #930408 Cross-References: CVE-2018-5390 CVE-2019-10220 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-14835 CVE-2019-17133 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 8 fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_110 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2821=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2821=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_110-default-6-2.1 kgraft-patch-3_12_74-60_64_110-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_110-default-6-2.1 kgraft-patch-3_12_74-60_64_110-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2018-5390.html https://www.suse.com/security/cve/CVE-2019-10220.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-17133.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1102682 https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1133191 https://bugzilla.suse.com/1136446 https://bugzilla.suse.com/1137597 https://bugzilla.suse.com/1140747 https://bugzilla.suse.com/1144903 https://bugzilla.suse.com/1151021 https://bugzilla.suse.com/1153108 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153161 https://bugzilla.suse.com/904970 https://bugzilla.suse.com/907150 https://bugzilla.suse.com/920615 https://bugzilla.suse.com/920633 https://bugzilla.suse.com/930408 From sle-security-updates at lists.suse.com Wed Oct 30 08:15:50 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 15:15:50 +0100 (CET) Subject: SUSE-SU-2019:2820-1: important: Security update for dbus-1 Message-ID: <20191030141550.19586F798@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2820-1 Rating: important References: #1137832 Cross-References: CVE-2019-12749 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2820=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2820=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2820=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2820=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2820=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-devel-1.8.22-29.17.7 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): dbus-1-devel-doc-1.8.22-29.17.12 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.17.12 dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-x11-1.8.22-29.17.12 dbus-1-x11-debuginfo-1.8.22-29.17.12 dbus-1-x11-debugsource-1.8.22-29.17.12 libdbus-1-3-1.8.22-29.17.7 libdbus-1-3-debuginfo-1.8.22-29.17.7 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-29.17.12 libdbus-1-3-32bit-1.8.22-29.17.7 libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.17.12 dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-x11-1.8.22-29.17.12 dbus-1-x11-debuginfo-1.8.22-29.17.12 dbus-1-x11-debugsource-1.8.22-29.17.12 libdbus-1-3-1.8.22-29.17.7 libdbus-1-3-debuginfo-1.8.22-29.17.7 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdbus-1-3-32bit-1.8.22-29.17.7 libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dbus-1-1.8.22-29.17.12 dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-x11-1.8.22-29.17.12 dbus-1-x11-debuginfo-1.8.22-29.17.12 dbus-1-x11-debugsource-1.8.22-29.17.12 libdbus-1-3-1.8.22-29.17.7 libdbus-1-3-32bit-1.8.22-29.17.7 libdbus-1-3-debuginfo-1.8.22-29.17.7 libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): dbus-1-1.8.22-29.17.12 dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debuginfo-32bit-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-x11-1.8.22-29.17.12 dbus-1-x11-debuginfo-1.8.22-29.17.12 dbus-1-x11-debugsource-1.8.22-29.17.12 libdbus-1-3-1.8.22-29.17.7 libdbus-1-3-32bit-1.8.22-29.17.7 libdbus-1-3-debuginfo-1.8.22-29.17.7 libdbus-1-3-debuginfo-32bit-1.8.22-29.17.7 - SUSE CaaS Platform 3.0 (x86_64): dbus-1-1.8.22-29.17.12 dbus-1-debuginfo-1.8.22-29.17.12 dbus-1-debugsource-1.8.22-29.17.7 dbus-1-nox11-1.8.22-29.17.7 dbus-1-nox11-debuginfo-1.8.22-29.17.7 dbus-1-x11-debuginfo-1.8.22-29.17.12 dbus-1-x11-debugsource-1.8.22-29.17.12 libdbus-1-3-1.8.22-29.17.7 libdbus-1-3-debuginfo-1.8.22-29.17.7 References: https://www.suse.com/security/cve/CVE-2019-12749.html https://bugzilla.suse.com/1137832 From sle-security-updates at lists.suse.com Wed Oct 30 11:13:53 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 18:13:53 +0100 (CET) Subject: SUSE-SU-2019:2864-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP1) Message-ID: <20191030171353.8C2F9F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2864-1 Rating: important References: #1103203 #1144903 #1149841 #1151021 #1153108 #1153158 #1153161 #904970 #907150 #920615 #920633 #930408 Cross-References: CVE-2019-10220 CVE-2019-14835 CVE-2019-17133 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for the Linux Kernel 4.12.14-197_15 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2864=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_15-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2019-10220.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-17133.html https://bugzilla.suse.com/1103203 https://bugzilla.suse.com/1144903 https://bugzilla.suse.com/1149841 https://bugzilla.suse.com/1151021 https://bugzilla.suse.com/1153108 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153161 https://bugzilla.suse.com/904970 https://bugzilla.suse.com/907150 https://bugzilla.suse.com/920615 https://bugzilla.suse.com/920633 https://bugzilla.suse.com/930408 From sle-security-updates at lists.suse.com Wed Oct 30 11:17:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 18:17:49 +0100 (CET) Subject: SUSE-SU-2019:2829-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP1) Message-ID: <20191030171749.3E3F7F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2829-1 Rating: important References: #1144903 #1153108 #1153158 #1153161 Cross-References: CVE-2019-10220 CVE-2019-17133 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_118 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2832=1 SUSE-SLE-SAP-12-SP3-2019-2833=1 SUSE-SLE-SAP-12-SP3-2019-2834=1 SUSE-SLE-SAP-12-SP3-2019-2835=1 SUSE-SLE-SAP-12-SP3-2019-2836=1 SUSE-SLE-SAP-12-SP3-2019-2837=1 SUSE-SLE-SAP-12-SP3-2019-2838=1 SUSE-SLE-SAP-12-SP3-2019-2839=1 SUSE-SLE-SAP-12-SP3-2019-2840=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2825=1 SUSE-SLE-SAP-12-SP2-2019-2826=1 SUSE-SLE-SAP-12-SP2-2019-2827=1 SUSE-SLE-SAP-12-SP2-2019-2828=1 SUSE-SLE-SAP-12-SP2-2019-2829=1 SUSE-SLE-SAP-12-SP2-2019-2830=1 SUSE-SLE-SAP-12-SP2-2019-2831=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2822=1 SUSE-SLE-SAP-12-SP1-2019-2823=1 SUSE-SLE-SAP-12-SP1-2019-2824=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2832=1 SUSE-SLE-SERVER-12-SP3-2019-2833=1 SUSE-SLE-SERVER-12-SP3-2019-2834=1 SUSE-SLE-SERVER-12-SP3-2019-2835=1 SUSE-SLE-SERVER-12-SP3-2019-2836=1 SUSE-SLE-SERVER-12-SP3-2019-2837=1 SUSE-SLE-SERVER-12-SP3-2019-2838=1 SUSE-SLE-SERVER-12-SP3-2019-2839=1 SUSE-SLE-SERVER-12-SP3-2019-2840=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2825=1 SUSE-SLE-SERVER-12-SP2-2019-2826=1 SUSE-SLE-SERVER-12-SP2-2019-2827=1 SUSE-SLE-SERVER-12-SP2-2019-2828=1 SUSE-SLE-SERVER-12-SP2-2019-2829=1 SUSE-SLE-SERVER-12-SP2-2019-2830=1 SUSE-SLE-SERVER-12-SP2-2019-2831=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2822=1 SUSE-SLE-SERVER-12-SP1-2019-2823=1 SUSE-SLE-SERVER-12-SP1-2019-2824=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2850=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2851=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2861=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2862=1 SUSE-SLE-Module-Live-Patching-15-SP1-2019-2863=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2852=1 SUSE-SLE-Module-Live-Patching-15-2019-2853=1 SUSE-SLE-Module-Live-Patching-15-2019-2854=1 SUSE-SLE-Module-Live-Patching-15-2019-2855=1 SUSE-SLE-Module-Live-Patching-15-2019-2856=1 SUSE-SLE-Module-Live-Patching-15-2019-2857=1 SUSE-SLE-Module-Live-Patching-15-2019-2858=1 SUSE-SLE-Module-Live-Patching-15-2019-2860=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2841=1 SUSE-SLE-Live-Patching-12-SP4-2019-2842=1 SUSE-SLE-Live-Patching-12-SP4-2019-2843=1 SUSE-SLE-Live-Patching-12-SP4-2019-2844=1 SUSE-SLE-Live-Patching-12-SP4-2019-2845=1 SUSE-SLE-Live-Patching-12-SP4-2019-2846=1 SUSE-SLE-Live-Patching-12-SP4-2019-2847=1 SUSE-SLE-Live-Patching-12-SP4-2019-2848=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_156-94_64-default-8-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-8-2.1 kgraft-patch-4_4_162-94_69-default-7-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-7-2.1 kgraft-patch-4_4_162-94_72-default-7-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-7-2.1 kgraft-patch-4_4_175-94_79-default-6-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-6-2.1 kgraft-patch-4_4_176-94_88-default-5-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-5-2.1 kgraft-patch-4_4_178-94_91-default-5-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_100-default-3-2.1 kgraft-patch-4_4_180-94_100-default-debuginfo-3-2.1 kgraft-patch-4_4_180-94_103-default-3-2.1 kgraft-patch-4_4_180-94_103-default-debuginfo-3-2.1 kgraft-patch-4_4_180-94_97-default-5-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-5-2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-6-2.1 kgraft-patch-4_4_121-92_104-default-6-2.1 kgraft-patch-4_4_121-92_109-default-6-2.1 kgraft-patch-4_4_121-92_114-default-5-2.1 kgraft-patch-4_4_121-92_117-default-4-2.1 kgraft-patch-4_4_121-92_120-default-3-2.1 kgraft-patch-4_4_121-92_98-default-8-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_115-default-5-2.1 kgraft-patch-3_12_74-60_64_115-xen-5-2.1 kgraft-patch-3_12_74-60_64_118-default-3-2.1 kgraft-patch-3_12_74-60_64_118-xen-3-2.1 kgraft-patch-3_12_74-60_64_121-default-3-2.1 kgraft-patch-3_12_74-60_64_121-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_156-94_64-default-8-2.1 kgraft-patch-4_4_156-94_64-default-debuginfo-8-2.1 kgraft-patch-4_4_162-94_69-default-7-2.1 kgraft-patch-4_4_162-94_69-default-debuginfo-7-2.1 kgraft-patch-4_4_162-94_72-default-7-2.1 kgraft-patch-4_4_162-94_72-default-debuginfo-7-2.1 kgraft-patch-4_4_175-94_79-default-6-2.1 kgraft-patch-4_4_175-94_79-default-debuginfo-6-2.1 kgraft-patch-4_4_176-94_88-default-5-2.1 kgraft-patch-4_4_176-94_88-default-debuginfo-5-2.1 kgraft-patch-4_4_178-94_91-default-5-2.1 kgraft-patch-4_4_178-94_91-default-debuginfo-5-2.1 kgraft-patch-4_4_180-94_100-default-3-2.1 kgraft-patch-4_4_180-94_100-default-debuginfo-3-2.1 kgraft-patch-4_4_180-94_103-default-3-2.1 kgraft-patch-4_4_180-94_103-default-debuginfo-3-2.1 kgraft-patch-4_4_180-94_97-default-5-2.1 kgraft-patch-4_4_180-94_97-default-debuginfo-5-2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_101-default-6-2.1 kgraft-patch-4_4_121-92_104-default-6-2.1 kgraft-patch-4_4_121-92_109-default-6-2.1 kgraft-patch-4_4_121-92_114-default-5-2.1 kgraft-patch-4_4_121-92_117-default-4-2.1 kgraft-patch-4_4_121-92_120-default-3-2.1 kgraft-patch-4_4_121-92_98-default-8-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_115-default-5-2.1 kgraft-patch-3_12_74-60_64_115-xen-5-2.1 kgraft-patch-3_12_74-60_64_118-default-3-2.1 kgraft-patch-3_12_74-60_64_118-xen-3-2.1 kgraft-patch-3_12_74-60_64_121-default-3-2.1 kgraft-patch-3_12_74-60_64_121-xen-3-2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-7-19.1 kernel-livepatch-4_12_14-197_10-default-3-2.1 kernel-livepatch-4_12_14-197_21-default-2-2.1 kernel-livepatch-4_12_14-197_4-default-6-2.1 kernel-livepatch-4_12_14-197_7-default-5-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_14-default-5-2.1 kernel-livepatch-4_12_14-150_14-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-150_17-default-5-2.1 kernel-livepatch-4_12_14-150_17-default-debuginfo-5-2.1 kernel-livepatch-4_12_14-150_22-default-4-2.1 kernel-livepatch-4_12_14-150_22-default-debuginfo-4-2.1 kernel-livepatch-4_12_14-150_27-default-3-2.1 kernel-livepatch-4_12_14-150_27-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-150_32-default-3-2.1 kernel-livepatch-4_12_14-150_32-default-debuginfo-3-2.1 kernel-livepatch-4_12_14-150_38-default-2-2.1 kernel-livepatch-4_12_14-150_38-default-debuginfo-2-2.1 kernel-livepatch-4_12_14-25_25-default-7-2.1 kernel-livepatch-4_12_14-25_25-default-debuginfo-7-2.1 kernel-livepatch-4_12_14-25_28-default-6-2.1 kernel-livepatch-4_12_14-25_28-default-debuginfo-6-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-94_41-default-8-2.22.1 kgraft-patch-4_12_14-94_41-default-debuginfo-8-2.22.1 kgraft-patch-4_12_14-95_13-default-5-2.1 kgraft-patch-4_12_14-95_16-default-5-2.1 kgraft-patch-4_12_14-95_19-default-4-2.1 kgraft-patch-4_12_14-95_24-default-3-2.1 kgraft-patch-4_12_14-95_29-default-3-2.1 kgraft-patch-4_12_14-95_3-default-7-2.1 kgraft-patch-4_12_14-95_6-default-6-2.1 kgraft-patch-SLE12-SP4_Update_0-debugsource-8-2.22.1 References: https://www.suse.com/security/cve/CVE-2019-10220.html https://www.suse.com/security/cve/CVE-2019-17133.html https://bugzilla.suse.com/1144903 https://bugzilla.suse.com/1153108 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153161 From sle-security-updates at lists.suse.com Wed Oct 30 14:13:02 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 21:13:02 +0100 (CET) Subject: SUSE-SU-2019:2866-1: important: Security update for samba Message-ID: <20191030201302.89583F798@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2866-1 Rating: important References: #1144902 #1148539 #1152143 #1154289 #1154598 Cross-References: CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for provides the following fixes: Following security issues were fixed: - CVE-2019-14847: User with "get changes" permission could have crashed AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code could have returned filenames containing path separators (bsc#1144902). - CVE-2019-14833: Accent with "check script password" where Samba AD DC check password script did not receive the full password (bsc#1154289). Also following non-security issues were fixed: - Fix auth problems when printing via smbspool backend with kerberos. (bsc#1148539) - Fix broken username/password authentication with CUPS and smbspool. (bsc#1152143) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2866=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2866=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2866=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2866=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2866=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-ad-dc-4.9.5+git.210.ab0549acb05-3.14.1 samba-ad-dc-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debugsource-4.9.5+git.210.ab0549acb05-3.14.1 samba-dsdb-modules-4.9.5+git.210.ab0549acb05-3.14.1 samba-dsdb-modules-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-python-4.9.5+git.210.ab0549acb05-3.14.1 samba-python-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-pcp-pmda-4.9.5+git.210.ab0549acb05-3.14.1 ctdb-pcp-pmda-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 ctdb-tests-4.9.5+git.210.ab0549acb05-3.14.1 ctdb-tests-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy-python-devel-4.9.5+git.210.ab0549acb05-3.14.1 samba-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debugsource-4.9.5+git.210.ab0549acb05-3.14.1 samba-test-4.9.5+git.210.ab0549acb05-3.14.1 samba-test-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64): samba-ceph-4.9.5+git.210.ab0549acb05-3.14.1 samba-ceph-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): samba-doc-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libdcerpc-samr0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-samr0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-python3-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbclient0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsmbclient0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-ad-dc-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-ad-dc-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-client-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-client-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python3-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python3-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-binding0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-devel-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-samr-devel-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-samr0-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-samr0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc0-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-devel-4.9.5+git.210.ab0549acb05-3.14.1 libndr-krb5pac-devel-4.9.5+git.210.ab0549acb05-3.14.1 libndr-krb5pac0-4.9.5+git.210.ab0549acb05-3.14.1 libndr-krb5pac0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-nbt-devel-4.9.5+git.210.ab0549acb05-3.14.1 libndr-nbt0-4.9.5+git.210.ab0549acb05-3.14.1 libndr-nbt0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-standard-devel-4.9.5+git.210.ab0549acb05-3.14.1 libndr-standard0-4.9.5+git.210.ab0549acb05-3.14.1 libndr-standard0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr0-4.9.5+git.210.ab0549acb05-3.14.1 libndr0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libnetapi-devel-4.9.5+git.210.ab0549acb05-3.14.1 libnetapi0-4.9.5+git.210.ab0549acb05-3.14.1 libnetapi0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-credentials-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-credentials0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-credentials0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-errors-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-errors0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-errors0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-hostconfig-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-hostconfig0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-hostconfig0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-passdb-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-passdb0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-passdb0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy-python3-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-python3-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-policy0-python3-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-util-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-util0-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-util0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamdb-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsamdb0-4.9.5+git.210.ab0549acb05-3.14.1 libsamdb0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbclient-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsmbclient0-4.9.5+git.210.ab0549acb05-3.14.1 libsmbclient0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbconf-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsmbconf0-4.9.5+git.210.ab0549acb05-3.14.1 libsmbconf0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbldap-devel-4.9.5+git.210.ab0549acb05-3.14.1 libsmbldap2-4.9.5+git.210.ab0549acb05-3.14.1 libsmbldap2-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libtevent-util-devel-4.9.5+git.210.ab0549acb05-3.14.1 libtevent-util0-4.9.5+git.210.ab0549acb05-3.14.1 libtevent-util0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libwbclient-devel-4.9.5+git.210.ab0549acb05-3.14.1 libwbclient0-4.9.5+git.210.ab0549acb05-3.14.1 libwbclient0-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-4.9.5+git.210.ab0549acb05-3.14.1 samba-client-4.9.5+git.210.ab0549acb05-3.14.1 samba-client-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-core-devel-4.9.5+git.210.ab0549acb05-3.14.1 samba-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debugsource-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python3-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-python3-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-python3-4.9.5+git.210.ab0549acb05-3.14.1 samba-python3-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-winbind-4.9.5+git.210.ab0549acb05-3.14.1 samba-winbind-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libdcerpc0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-krb5pac0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-nbt0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr-standard0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libndr-standard0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libndr0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libndr0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libnetapi0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libnetapi0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-credentials0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-errors0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-hostconfig0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-passdb0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-util0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamba-util0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsamdb0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsamdb0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbconf0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsmbconf0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libsmbldap2-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libsmbldap2-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libtevent-util0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libtevent-util0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 libwbclient0-32bit-4.9.5+git.210.ab0549acb05-3.14.1 libwbclient0-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-libs-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-winbind-32bit-4.9.5+git.210.ab0549acb05-3.14.1 samba-winbind-32bit-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.210.ab0549acb05-3.14.1 ctdb-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debugsource-4.9.5+git.210.ab0549acb05-3.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.210.ab0549acb05-3.14.1 samba-ceph-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debuginfo-4.9.5+git.210.ab0549acb05-3.14.1 samba-debugsource-4.9.5+git.210.ab0549acb05-3.14.1 References: https://www.suse.com/security/cve/CVE-2019-10218.html https://www.suse.com/security/cve/CVE-2019-14833.html https://www.suse.com/security/cve/CVE-2019-14847.html https://bugzilla.suse.com/1144902 https://bugzilla.suse.com/1148539 https://bugzilla.suse.com/1152143 https://bugzilla.suse.com/1154289 https://bugzilla.suse.com/1154598 From sle-security-updates at lists.suse.com Wed Oct 30 14:14:27 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 21:14:27 +0100 (CET) Subject: SUSE-SU-2019:2868-1: important: Security update for samba Message-ID: <20191030201427.D165FF798@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2868-1 Rating: important References: #1125601 #1127153 #1130245 #1134452 #1144902 #1154289 #1154598 Cross-References: CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). - CVE-2019-14833: Fixed Accent with "check script password" where the Samba AD DC check password script does not receive the full password (bsc#1154289). Other issues fixed: - Fix vfs_ceph realpath (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP (bsc#1125601). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection - Explicitly enable libcephfs POSIX ACL support (bsc#1130245). - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2868=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2868=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2868=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2868=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): samba-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debugsource-4.7.11+git.186.d75219614c3-4.30.1 samba-python-4.7.11+git.186.d75219614c3-4.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ctdb-pcp-pmda-4.7.11+git.186.d75219614c3-4.30.1 ctdb-pcp-pmda-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 ctdb-tests-4.7.11+git.186.d75219614c3-4.30.1 ctdb-tests-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debugsource-4.7.11+git.186.d75219614c3-4.30.1 samba-python-4.7.11+git.186.d75219614c3-4.30.1 samba-test-4.7.11+git.186.d75219614c3-4.30.1 samba-test-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): samba-doc-4.7.11+git.186.d75219614c3-4.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-binding0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-devel-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-samr-devel-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-samr0-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-samr0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc0-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-devel-4.7.11+git.186.d75219614c3-4.30.1 libndr-krb5pac-devel-4.7.11+git.186.d75219614c3-4.30.1 libndr-krb5pac0-4.7.11+git.186.d75219614c3-4.30.1 libndr-krb5pac0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-nbt-devel-4.7.11+git.186.d75219614c3-4.30.1 libndr-nbt0-4.7.11+git.186.d75219614c3-4.30.1 libndr-nbt0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-standard-devel-4.7.11+git.186.d75219614c3-4.30.1 libndr-standard0-4.7.11+git.186.d75219614c3-4.30.1 libndr-standard0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr0-4.7.11+git.186.d75219614c3-4.30.1 libndr0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libnetapi-devel-4.7.11+git.186.d75219614c3-4.30.1 libnetapi0-4.7.11+git.186.d75219614c3-4.30.1 libnetapi0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-credentials-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-credentials0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-credentials0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-errors-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-errors0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-errors0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-hostconfig-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-hostconfig0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-hostconfig0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-passdb-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-passdb0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-passdb0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-policy-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-policy0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-util-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamba-util0-4.7.11+git.186.d75219614c3-4.30.1 libsamba-util0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamdb-devel-4.7.11+git.186.d75219614c3-4.30.1 libsamdb0-4.7.11+git.186.d75219614c3-4.30.1 libsamdb0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbclient-devel-4.7.11+git.186.d75219614c3-4.30.1 libsmbclient0-4.7.11+git.186.d75219614c3-4.30.1 libsmbclient0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbconf-devel-4.7.11+git.186.d75219614c3-4.30.1 libsmbconf0-4.7.11+git.186.d75219614c3-4.30.1 libsmbconf0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbldap-devel-4.7.11+git.186.d75219614c3-4.30.1 libsmbldap2-4.7.11+git.186.d75219614c3-4.30.1 libsmbldap2-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libtevent-util-devel-4.7.11+git.186.d75219614c3-4.30.1 libtevent-util0-4.7.11+git.186.d75219614c3-4.30.1 libtevent-util0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libwbclient-devel-4.7.11+git.186.d75219614c3-4.30.1 libwbclient0-4.7.11+git.186.d75219614c3-4.30.1 libwbclient0-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-4.7.11+git.186.d75219614c3-4.30.1 samba-client-4.7.11+git.186.d75219614c3-4.30.1 samba-client-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-core-devel-4.7.11+git.186.d75219614c3-4.30.1 samba-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debugsource-4.7.11+git.186.d75219614c3-4.30.1 samba-libs-4.7.11+git.186.d75219614c3-4.30.1 samba-libs-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-winbind-4.7.11+git.186.d75219614c3-4.30.1 samba-winbind-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libdcerpc0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-krb5pac0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-nbt0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr-standard0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libndr-standard0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libndr0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libndr0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libnetapi0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libnetapi0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-credentials0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-errors0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-hostconfig0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-passdb0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamba-util0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamba-util0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsamdb0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsamdb0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbclient0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsmbclient0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbconf0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsmbconf0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libsmbldap2-32bit-4.7.11+git.186.d75219614c3-4.30.1 libsmbldap2-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libtevent-util0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libtevent-util0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 libwbclient0-32bit-4.7.11+git.186.d75219614c3-4.30.1 libwbclient0-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-client-32bit-4.7.11+git.186.d75219614c3-4.30.1 samba-client-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-libs-32bit-4.7.11+git.186.d75219614c3-4.30.1 samba-libs-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-winbind-32bit-4.7.11+git.186.d75219614c3-4.30.1 samba-winbind-32bit-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.186.d75219614c3-4.30.1 ctdb-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debuginfo-4.7.11+git.186.d75219614c3-4.30.1 samba-debugsource-4.7.11+git.186.d75219614c3-4.30.1 References: https://www.suse.com/security/cve/CVE-2019-10218.html https://www.suse.com/security/cve/CVE-2019-14833.html https://www.suse.com/security/cve/CVE-2019-14847.html https://bugzilla.suse.com/1125601 https://bugzilla.suse.com/1127153 https://bugzilla.suse.com/1130245 https://bugzilla.suse.com/1134452 https://bugzilla.suse.com/1144902 https://bugzilla.suse.com/1154289 https://bugzilla.suse.com/1154598 From sle-security-updates at lists.suse.com Wed Oct 30 14:16:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 21:16:09 +0100 (CET) Subject: SUSE-SU-2019:2867-1: moderate: Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone Message-ID: <20191030201609.DBBEBF798@maintenance.suse.de> SUSE Security Update: Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2867-1 Rating: moderate References: #1019074 #1096985 #1106515 #1115960 #1116846 #1118900 #1120657 #1125893 #1126088 #1132593 #1132666 #1136035 #1141121 #1141676 #1143215 #1145796 #1146578 #1148158 #1148383 #1150895 #917802 Cross-References: CVE-2015-3448 CVE-2016-10127 CVE-2018-15727 CVE-2018-19039 CVE-2018-558213 CVE-2019-13611 CVE-2019-15043 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-5477 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 10 fixes is now available. Description: This update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone contains the following fixes: - Update to version 8.0+git.1566374355.c509923: * Use raw image format when using SES backend on Nova (SOC-9285) - Update to version 8.0+git.1566376789.be0fe01: * Configure glance image_direct_url/multiple_locations (SOC-9285) - Update to version 8.0+git.1565816064.5d4f73f: * Removed None condition from rule (SOC-10003) - Update to version 8.0+git.1566517401.98450e6: * Add neutron-fwaas.json when neutron-l3-agent is deployed (SOC-10280) - Update to version 8.0+git.1568835837.2452e7a: * Ensure Manila services don't auto start on reboot (SOC-10641) - Update to version 8.0+git.1568220097.74ee4b4: * API extension paths separated by colon (SOC-10447) - Update to version 8.0+git.1567555448.5ecd5b0: * Add dependent services to neutron services (SOC-8746) - Update to version 8.0+git.1566517377.f2a8c54: * Add policy.d/neutron-fwaas.json.j2 (SOC-10280) - Update to version 8.0+git.1566902754.c58ff69: * Install libosinfo package (SOC-10295) - Update to version 8.0+git.1565946419.a76c00e: * Set diskcachemode and disk discard when using RBD (SOC-10182) - Update to version 8.0+git.1568373448.bcaee7e: * Make octavia heartbeat frequency options configurable (SOC-9285) - Update to version 8.0+git.1566374572.a3c91d9: * Include SES variables when configuring image (SOC-9285) - Update to version 8.0+git.1566208257.5213d93: * Use default values for amphora connection retries/timeout (SOC-9285) - Update to version 8.0+git.1566471887.fd2fec7: * Delete existing run filter before deploying it (SOC-10287) - Update to version 5.0+git.1569597589.1f025c557: * barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011) - Update to version 5.0+git.1569231378.ac645b753: * Revert "batch: Use easy_merge for merging (SOC-10505)" - Update to version 5.0+git.1569103607.ee4a6cbc9: * upgrade: Fix pie chart colors on dashboard (SOC-10619) - Update to version 5.0+git.1568983947.70c39b8c7: * batch: Use easy_merge for merging (SOC-10505) - Update to version 5.0+git.1568317972.dfb856def: * upgrade: Fix pre-checks tests (SOC-9868) * Allow designate rndc for all nodes (SOC-10339) - Update to version 5.0+git.1568210854.4f87b86f8: * gems: Update easy_diff to 1.0.0 (SOC-10505) - Update to version 5.0+git.1567531836.e06d68030: * Public ips for dns nodes when designate integration is in use (SOC-9635) - Update to version 5.0+git.1567513044.e9ef28b03: * crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script * transition.sh: Do not read /etc/crowbar.install.key * gather_logs: Make it a bit useful again * gather_logs: Do not read /etc/crowbar.install.key * network: Check existing upper layers before bond setup (bsc#1120657) * network: never plug two interface into the same ovs bridge (bsc#1120657) * network: Avoid plugging the same interface to two ovs bridges (bsc#1120657) * nic library: some helper for identifying base interface (bsc#1120657) * network: Rework the vlan port replugging code (bsc#1120657) * network: DRY out "kill_nic_files" (noref) - Update to version 5.0+git.1567161136.fa34ac9f2: * Add CVE-2019-5477 the to travis ignore list (SOC-9635) - Update to version 5.0+git.1567094388.48f2be817: * upgrade: Add more prechecks for 8->9 (SOC-9868) - Update to version 5.0+git.1567673535.607aada: * Fix typo in error message - add cirros-0.4.0-x86_64-disk.img (SOC-9298, SOC-10844) * the disk img is required to run the barbican tempest test - Update to version 5.0+git.1570141351.058c8bd44: * tempest:install designate tempest plugin for SOC8 (SOC-10288) - Update to version 5.0+git.1569972328.9d475ceb9: * [5.0] Designate: Add dns_domain_ports config (SOC-10740) - Update to version 5.0+git.1569933916.d38d07e2d: * Install barbican tempest plugin for SOC8 (SOC-10191) * Designate: Filter out the admin node (SOC-10658) - Update to version 5.0+git.1569885207.573f090bd: * 5.0: designate: Fix the keys syntax error on migrations (SOC-10660) - Update to version 5.0+git.1569620621.21c6c5459: * helper:move config_for_role_exists from horizon to crowbar-openstack(SOC-10191) - Update to version 5.0+git.1569431597.02675553d: * tempest: don't rely on service catalogue (SOC-10633) * glance: don't reuse sync mark names (SOC-10348) * enable LDAP chase_referrals configuration (SOC-7364) * nova: set default attribute for max_threads_per_process - Update to version 5.0+git.1569053854.bb65c0fd1: * Make ovs of_inactivity_probe configurable from neutron barclamp - Update to version 5.0+git.1568904694.4d6e71fd1: * Revert "designate: Mark as user managed (SOC-10233)" - Update to version 5.0+git.1568762121.5889ee9c4: * Octavia: Hide UI until complete (SOC-10550) - Update to version 5.0+git.1568721569.5927d34b8: * designate: Mark as user managed (SOC-10233) - Update to version 5.0+git.1568593066.8a7e963dd: * designate: cleanup producer HA deployment (SOC-9766) - Update to version 5.0+git.1568373930.d508e93f7: * designate: Correct missing variable (SOC-10549) - Update to version 5.0+git.1568323106.c080edcc1: * neutron: Add 'insecure' to old cli calls (SOC-10453) - Update to version 5.0+git.1568303804.bd258bef6: * designate: No longer care about master/slave (SOC-10456) - Update to version 5.0+git.1568173760.4a32699b1: * nova: raise neutron client timeout to 5 minutes * neutron: Small cleanup to neutron_lbaas.conf template - Update to version 5.0+git.1568117991.15d77c6ea: * Designate default Bind9 pool config (SOC-10339) - Update to version 5.0+git.1568034797.254b8fb85: * tempest: Skip manila and ceilometer tests (SOC-9799) - Update to version 5.0+git.1567660321.885064382: * nova: Don't put nova-compute roles on monasca node (SOC-10373) - Update to version 5.0+git.1567513535.f2939eeed: * designate: Update ns_records with all nameservers (SOC-9636) * designate: Deploy producer on a server node (SOC-9766) - Update to version 5.0+git.1567165725.8d5b4fa26: * horizon: fix Grafana in HA clouds (bsc#1116846) - Update to version 5.0+git.1567094879.c918a5e23: * Fix barbican SSL support (SOC-9298) * Add/fix run_filters * Add tempest filters based on services (SOC-9298) - Update to version 5.0+git.1566858336.891ddbf31: * Fix magnum tempest tests (SOC-9298) * tempest: only assign creator role if needed * database: Hardcode ruby version for package installation (SOC-10010) - Update to version 5.0+git.1566838653.efe3b147d: * memcache: lookup memcached servers port only on local node (SOC-10173) * designate: initialize email in default designate proposal * horizon: Install designate plugin when configured (SOC-9695) - Update to version 5.0+git.1566629404.88dae370a: * Designate: Update DB pools configuration (SOC-9767) - Update to version 5.0+git.1566256160.59ebd76c0: * designate: Configure resource settings (SOC-9633) - Update to version 1.2.0+git.1568396400.0344a727: * upgrade: Add missing precheck titles - Update to 25.3.25: * A new Galera configuration parameter cert.optimistic_pa was added. If the parameter value is set to true, full parallellization in applying write sets is allowed as determined by certification algorithm. If set to false, no more parallellism is allowed in applying than seen on the master. * Support for ECDH OpenSSL engines on CentOS 6 (galera#520) * Fixed compilation on Debian testing and unstable (galera#516, galera#528) - Add unescape_IPv6_bind_ip.patch * https://github.com/dciabrin/galera-1/commit/0f6f8aeeb09809280c956514cfd5844 b8acad4f9 - Add CVE-2019-15043.patch (SOC-10357) * Adds authentication to a few rest endpoints see: https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5 - Update to version 4.6.5: * release 4.6.5 CVE-2018-19039 (jsc#SOC-9976) File Exfiltration vulnerability Security fix * Updated version to 4.6.4. CVE-2018-558213/CVE-2018-558213 (jsc#SOC-9980) Important fix for LDAP & OAuth login vulnerability * Updated version to 4.6.4. * sql: added code migration type * release 4.6.3 * fix default alias * fixes broken alert eval when first condition is using OR * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * fix: fix for avatar images when gzip is turned on, fixes #5952 * sets version to 4.6.2 * prom: add support for default step param (#9866) * build: fixed jshint error * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * heatmap: fix tooltip in "Time series bucket" mode, #9332 (#9867) * fix cloudwatch ec2_instance_attribute (#9718) * colorpicker: fix color string change #9769 (#9780) * changes version to 4.6.1 * fix: panel view now wraps, no scrolling required, fixes #9746 * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * fix: color picker bug at series overrides page, #9715 (#9738) * tech: switch to golang 1.9.2 * tech: add missing include * save as should only delete threshold for panels with alerts * fix: graphite annotation tooltip included undefined, fixes #9707 * build: updated version to v4.6.0 * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * fix: firefox can now create region annotations, fixes #9638 * alerting: only editors can pause rules * fix: another fix for playlist view state, #9639 * fix: fixed playlist controls and view state, fixes #9639 * prom: adds pre built grafana dashboard * bump version for publish_testing.sh * update version to 4.6.0-beta3 * plugins: expose dashboard impression store * modify $__timeGroup macro so it can be used in select clause (#9527) * plugins: fixes path issue on Windows * prometheus: enable gzip for /metrics endpoint * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * pluginloader: esModule true for systemjs config * Fix heatmap Y axis rendering (#9580) * fix vector range * prometheus: add builtin template variable as range vectors * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * fix: getting started panel and mark adding data source as done, fixes #9568 * Fixes for annotations API (#9577) * bump packagecloud script * build: added imports of rxjs utility functions * prepare for v4.6.0-beta2 release * fix template variable expanding * annotations: quote reserved fields (#9550) * ux: align alert and btn colors * fix: fixed color pickers that were broken in minified builds, fixes #9549 * textpanel: fixes #9491 * csv: fix import for saveAs shim * plugins: expose more util and flot dependencies * alert_tab: clear test result when testing rules * (cloudwatch) fix cloudwatch query error over 24h (#9536) * show error message when cloudwatch datasource can't add * update packagecloud script for 4.6.0-beta1 * changelog: adds note about closing #9516 * alerting: add count_non_null reducer * Update rpm.md * fix: can now remove annotation tags without popover closing * tech: add backward compatibility for directive (#9510) * fix: fixed links on new 404 page, fixes #9493 * logging: dont use cli logger in http_server * oauth: raise error if session state is missing * oauth: provide more logging for failed oauth requests * prepare for 4.6.0-beta1 release * docs: updated whats new article * docs: initial draft release v46 * graph: fix y-axis decimalTick check. Fixes #9405 * minor docs update * docs: annotation docs update * changelog: adds note about closing #7104 * changelog: adds note about closing #9373 * metrics: disable gzip for /metrics endpoint (#9468) * Annotation docs (#9506) * Update CHANGELOG.md * Update PLUGIN_DEV.md * Update PLUGIN_DEV.md * Update README.md * Fixed link issue in CHANGELOG * Create PLUGIN_DEV.md * changelog: adds note about closing #9371,#5334,#8812 * ds_edit: placeholder should only be cert header * fixed minor styling issus (#9497) * fix: alert api limit param did not work and caused SQL syntax error, fixes #9492 * annotations: add endpoint for writing graphite-like events (#9495) * Update unsaved_changes_modal.ts * fix: set lastSeenAt date when creating users to then years in past insteasd of empty date, fixes #9260 * ux: minor ux fix * Retain old name for TLS client auth * Return error if datasource TLS CA not parsed * Datasource settings: Make HTTP all caps * Datasource HTTP settings: Add TLS skip verify * Make URL capitalisation consistent in UI * Alias macron package in app_routes.go * Verify datasource TLS and split client auth and CA * Tidy spacing in datasource TLS settings * Tests: Clarify what InsecureSkipVerify does * postgres: add missing ngInject decorator * docs: initial docs for new annotation features, #9483 * Adds note for #9209 to changelog * Postgres Data Source (#9475) * tech: expose more to plugins, closes #9456 * Fix NaN handling (#9469) * snapshots: improve snapshot listing performance, #9314 (#9477) * mysql: fix interpolation for numbers in temp vars * Added docs for Kafka alerting * Fixed failing go tests * gofmt fixes * Added tests * Kafka REST Proxy works with Grafana * added insrtuctions for oauth2 okta bitbucket (#9471) * Unified Color picker fixes (#9466) * Show min interval query option for mixed datasource (#9467) * gzip: plugin readme content set explicitly * ignore pattern for vendored libs * fix: escape metric segment auto complete, fixes #9423 * Corrected a PostgreSQL SELECT statement. (#9460) * tests: found the unhandled promise issue in the dash import tests * testing: fixing tests * annotations: minor change to default/edit annotation color * Create annotations (#8197) * OAuth: Rename sslcli * OAuth: Separate TLS client auth and CA config * OAuth: Check both TLS client cert and key * Always verify TLS unless explicitly told otherwise * fix: threshold's colors in table panels (#9445) (#9453) * singlestat: fix sizing bug #9337 (#9448) * Revert "Fix coloring in singlestat if null value (#9438)" (#9443) * Fix coloring in singlestat if null value (#9438) * fix: missing semicolon * changed jsontree to use jsonexplorer (#9416) * docs page for authproxy (#9420) * Update codebox (#9430) * Series color picker fix (#9442) * fix type in readme * removed commented line * changelog: adds note about closing #9110 * Fixed typo * Change empty string checks and improve logging * changelog: adds note about closing #9208 * Fix spelling on 404 page. * Lint fix * Update kbn.js * Add Norwegian Krone denominator for currency * fixed layout for column options, changed dropdown for date format kept old code * build: add noUnusedLocals to tsc parameters * build: install go based on env variable * changes go version to 1.9.1 * changelog: adds note about closing #9226 * changelog: add note about closing #9429 * changelog: adds note about closing #9399 * Fix formatting issue * Add milliseconds format in table panel's config * support for s3 path (#9151) * Remove apparently unnecessary .flush() calls. * Fix empty message and toolong attribute names Use default state message if no message is provided by the user Slice attribute name to maximum of 50 chars * Address review comments. * changelog: add note about closing #7175 * plugin_loader: expose app_events to plugins * Add the missing comma * colorpicker: refactoring the new unififed colorpicker, #9347 * Unified colorpicker (#9347) * fix missing column headers in excel export (#9413) * build: remove clean plugin from dev build * build: fixed broken elastic unit test * shore: cleanup unused stuff in common.d.ts * Build URL for close alert request differently * some restyling (#9409) * Docs text fixes (#9408) * Checkbox fixes (#9400) * fix: ensure panel.datasource is null as default * plugibs: expose more to plugins * properly parse & pass upload image bool from config * break out slack upload into separate function * tech: minor npm scripts update * build: fixed build * refactoring: minor refactoring of PR #8916 * Update script to make it use OpsGenie's REST API * docs: minor docs fix * Merge branch 'master' of github.com:grafana/grafana * build: minor webpack fix * docs: updated building from source docs * playlist: play and edit should use same width * shore: fixed html indentation, #9368 * tech: updated yarn.lock * shore: minor cleanup * Webpack (#9391) * fixing json for CI * adding support for token-based slack file.upload API call for posting images to slack * changelog: adds note about closing #8479 * changelog: adds note about closing #8050 * changelog: adds note about closing #9386 * change pdiff to percent_diff for conditions * panel: rename label on csv export modal * add diff and pdiff for conditions * fix, add targetContainsTemplate() * fix cloudwatch alert bug * add debug log * move extend statistics handling code to backend * fix assume role * improve cloudwatch tsdb * refactor cloudwatch code * remove obsolete code * move cloudwatch crendential related code * remove old handler * fix annotation query * fix time * fix dimension convertion * re-implement annotation query * fix parameter format * fix alert feature * fix parameter format * refactor cloudwatch to support new tsdb interface * refactor cloudwatch frontend code * refactor cloudwatch frontend code * fix test * re-implement dimension_values() * fix error message * remove performEC2DescribeInstances() * re-implement ec2_instance_attribute() * re-implement ebs_volume_ids() * import the change, https://github.com/grafana/grafana/pull/9268 * fix conflict * fix test * remove obsolete GetMetricStatistics() * fix test * move test code * fix conflict * porting other suggestion * re-implement get regions * move the metric find query code * (cloudwatch) move query parameter to 'parameters' * parse duration * remove offset for startTime * cache creds for keys/credentials auth type * fix test * fix invalid query filter * count up metrics * (cloudwatch) alerting * add brazil currency * tech: upgrade of systemjs to 0.20.x working * tech: reverted to systemjs * tech: migrating elasticsearch to typescript * changelog: add note about using golang 1.9 * change go version to 1.9 * changelog: adds note about closing #9367 * tech: systemjs upgrade * made a text-panel page, maybe we don't need it * cleaned up html/sass and added final touches * Enable dualstack in every net.Dialer, fixes #9364 * jaeger: capitalize tracer name * jaeger: logging improvement * tech: systemjs upgrade * Have include intervalFactor in its calculation, so always equal to the step query parameter. * alertlist: toggle play/pause button * updated css and html for recent state changes for alert lists * Fix export_modal message (#9353) * s3: minor fix for PR #9223 * internal metrics: add grafana version * changelog: adds note about closing 5765 * Update latest.json * typescript: stricter typescript option * prom_docker: give targets correct job name * testdata: add bucket scenarios for heatmap * dev-docker: add grafana as target * changelog: add note ablout closing #9319 * introduce smtp config option for EHLO identity * changelog: note about closing #9250 * go fmt * new page for text, needs more work * replaced img in graph, created alert list page * docs: update docs * Update CHANGELOG.md * changelog: adds note about closing #5873 * replaced image * Docs new updates (#9324) * Update CHANGELOG.md * Update latest.json * cleanup: removed unused file * tech: remove bower and moved remaining bower dependencies to npm * tech: cleanup and fixed build issue * tech: upgraded angularjs and moved dependency from bower to npm, closes #9327 * follow go idiom and return error as second param * tech: updated tsconfig * docker: adds alertmanager to prometheus fig * tech: more tslint rules * another img update * tech: removing unused variables from typescript files, and making tslint rules more strict * deleted old shortcuts instruction * text uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts * context is reserved for go's context * make ds a param for Query * remove batch abstraction * rename executor into tsdbqueryendpoint * remove unused structs * refactor response flow * tech: removed test component * ux: minor singlestat update * singlestat: minor change * Update CHANGELOG.md * Singlestat time (#9298) * tech: progress on react poc * adds note about closing #9213 * Update _navbar.scss * replaced images, updating text(not finished) * fix: close for 'Unsaved Changes' modal, #9284 (#9313) * Initial graphite tags support (#9239) * tech: initial react poc * Make details more clean in PD description * bug: enable HEAD requests again * Add `DbClusterIdentifier` to CloudWatch dimensions (#9297) * templating: fix dependent variable updating (#9306) * Fix adhoc filters restoration (#9303) * Explicitly refer to Github 'OAuth' applications * config bucket and region for s3 uploader * fixes bug introduced with prom namespaces * fixing spelling of millesecond -> millisecond * fixing spelling of millesecond -> millisecond * Remove duplicate bus.AddHandler() (#9289) * Update CHANGELOG.md * use same key as mt * tag alert queries that return no_data * updated error page html+css, added ds_store to ignore (#9285) * public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be "within" instead of "equal", so they won't fail on i686 (#9286) * Fix path to icon (#9276) * adds note about fix in v4.5.2 * skip NaN values when writing to graphite * addded mass units, #9265 (#9273) * Fully fill out nulls in cloudfront data source (#9268) * make it possible to configure sampler type * mark >=400 responses as error * change port for jaeger dev container * logwrapper for jaeger * make samplerconfig.param configurable * adds custom tags from settings * use route as span name * add trace headers for outgoing requests * docker file for running jaeger * better formating for error trace * attach context with span to *http.Request * add traces for datasource reverse proxy requests * trace failed executions * use tags instead of logs * use opentracing ext package when possible * set example port to zipkin default * adds codahale to vendor * makes jaeger tracing configurable * add trace parameters for outgoing requests * adds basic traces using open traces * require dashboard panels to have id * fix: jsonData should not be allowed to be null, fixes #9258 * packaging: reduce package size * Update upgrading.md (#9263) * Added --pluginUrl option to grafana-cli for local network plugin installation * adds note about closing #1395 * add locale format * update changelog * fixes broken tests :boom: * minor code adjusetments * pass context to image uploaders * remove unused deps * Reduced OAuth scope to read_write * GCS support via JSON API * gofmt fixes * Added GCS support #8370 * move more known datasources from others * Remove alert thresholds on panel duplicate, issue #9178 (#9257) * 4.5.1 docs + update version to 5.0.0-pre1 * publish_both.sh update for 4.5.1 * Update CHANGELOG.md * docs: updated changelog * packaging: reducing package size be only including public vendor stuff we need * docs: update download links * allow ssl renegotiation for datasources * check args for query * add test for completer * fix * follow token name change * (prometheus) support label value completion * (prometheus) support label name completion * get s3 url via aws-sdk-go, fix #9189 * Prometheus: Rework the interaction between auto interval (computed based on graph resolution), min interval (where specified, per query) and intervalFactor (AKA resolution, where specified, per query). As a bonus, have and reflect the actual interval (not the auto interval), taking into account min interval and Prometheus' 11k data points limit. * minor fix * (prometheus) support instant query for table format, use checkbox to switch query type * (prometheus) instant query support * Add thumbnail to card * Add values to the hipchat card * Reorder editorconfig * Enable datasources to be able to round off to a UTC day properly * Include triggering metrics to pagerduty alerts - Add 0001-fix-XSS-vulnerabilities-in-dashboard-links.patch (bsc#1096985) - adjust mysql-systemd-helper ("shutdown protected MySQL" section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to "found left-over process" situation when regular mariadb is started [bsc#1143215] - update suse_skipped_tests.list - remove client_ed25519.so plugin because it's shipped in mariadb-connector-c package (libmariadb_plugins) - update suse_skipped_tests.list - update to 10.2.25 GA * Fixes for the following security vulnerabilities: * 10.2.23: none * 10.2.24: CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 * 10.2.25: none * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10223-release-notes https://mariadb.com/kb/en/library/mariadb-10223-changelog https://mariadb.com/kb/en/library/mariadb-10224-release-notes https://mariadb.com/kb/en/library/mariadb-10224-changelog https://mariadb.com/kb/en/library/mariadb-10225-release-notes https://mariadb.com/kb/en/library/mariadb-10225-changelog - remove mariadb-10.2.22-fix_path.patch that was applied upstream in mariadb 10.2.23 - remove caching_sha2_password.so because it's shipped in mariadb-connector-c package (libmariadb_plugins) - remove xtrabackup scripts as it was replaced by mariabackup (we already removed xtrabackup requires in the first phase) - fix reading options for multiple instances if my${INSTANCE}.cnf is used. Also remove "umask 077" from mysql-systemd-helper that causes that new datadirs are created with wrong permissions. Set correct permissions for files created by us (mysql_upgrade_info, .run-mysql_upgrade) [bsc#1132666] - fix build comment to not refer to openSUSE - tracker bug [bsc#1136035] - New upstream version 3.1.2 [bsc#1136035] * CONC-383: client plugins can't be loaded due to missing prefix * Fixed version setting in GnuTLS by moving "NORMAL" at the end of priority string * CONC-386: Added support for pem files which contain certificate and private key. * Replication/Binlog API: The main mechanism used in replication is the binary log. * CONC-395: Dashes and underscores are not interchangeable in options in my.cnf * CONC-384: Incorrect packet when a connection attribute name or value is equal to or greater than 251 * CONC-388: field->def_length is always set to 0 * Getter should get and the setter should set CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS * Disable LOAD DATA LOCAL INFILE suport by default and auto-enable it for the duration of one query, if the query string starts with the word "load". In all other cases the application should enable LOAD DATA LOCAL INFILE support explicitly. * Changed return code for mysql_optionv/mysql_get_optionv to 1 (was -1) and added CR_NOT_IMPLEMENTED error message if a option is unknown or not supported. * mingw fix: use lowercase names for include files * CONC-375: Fixed handshake errors when mixing TLSv1.3 cipher suites with cipher suites from other TLS protocols * CONC-312: Added new caching_sha2_password authentication plugin for authentication with MySQL 8.0 - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and private_library.patch - pack caching_sha2_password.so and client_ed25519.so - move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 [bsc#1126088] - Fixes bugs bsc#1145796: Add tightPNG encoding * Apply novnc-1.0.0-add-encoding-support-for-TightPNG.patch This patch cherry-picks commit 2c813a33f to novnc 1.0.0 to enable tightPNG encoding. This encoding is needed to allow noVNC to work with instances that run on ESX hypervisors. It is not possible to update the Pike package to noVNC 1.1.0 as that version is not supported with openstack-nova until Rocky. - Update to version cinder-11.2.3.dev16: * RBD: remove redundant exception log to reduce noise - Update to version cinder-11.2.3.dev14: * Fix NFS volume retype with migrate - Update to version cinder-11.2.3.dev12: * Remove Sheepdog tests from zuul config * NetApp: Return all iSCSI targets-portals - Update to version cinder-11.2.3.dev8: * Remove experimental openSUSE 42.3 job - Update to version cinder-11.2.3.dev16: * RBD: remove redundant exception log to reduce noise - Update to version cinder-11.2.3.dev14: * Fix NFS volume retype with migrate - Update to version cinder-11.2.3.dev12: * Remove Sheepdog tests from zuul config * NetApp: Return all iSCSI targets-portals - Update to version cinder-11.2.3.dev8: * Remove experimental openSUSE 42.3 job - Update to version glance-15.0.3.dev3: * Remove experimental openSUSE 42.3 job - Update to version glance-15.0.3.dev3: * Remove experimental openSUSE 42.3 job - Update to version heat-9.0.8.dev13: * Unlimited cinder quotas throws exception - Update to version heat-9.0.8.dev12: * Do not perform the tenant stack limit check for admin user - Update to version heat-9.0.8.dev13: * Unlimited cinder quotas throws exception - Update to version heat-9.0.8.dev12: * Do not perform the tenant stack limit check for admin user - don't exclude pyc files to fix update/upgrade (SOC-9339) - Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3 job * Cap bandit - Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3 job * Cap bandit - Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3 job * Cap bandit - Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3 job * Cap bandit - Update to version Build_20190923_16.32 (bsc#1148158) * Create path.repo directory for Elasticseach - Update to version neutron-11.0.9.dev51: * Check for agent restarted after checking for DVR port - Update to version neutron-11.0.9.dev49: * Allow first address in an IPv6 subnet as valid unicast - Update to version neutron-11.0.9.dev47: * Remove experimental openSUSE 42.3 job - Update to version neutron-11.0.9.dev45: * Clear skb mark on encapsulating packets * fix update port bug - Update to version neutron-11.0.9.dev51: * Check for agent restarted after checking for DVR port - Update to version neutron-11.0.9.dev49: * Allow first address in an IPv6 subnet as valid unicast - Update to version neutron-11.0.9.dev47: * Remove experimental openSUSE 42.3 job - Update to version neutron-11.0.9.dev45: * Clear skb mark on encapsulating packets * fix update port bug - Update to version group-based-policy-7.3.1.dev56: * [AIM] Fix HAIP RPC query - Update to version group-based-policy-7.3.1.dev55: * Fix implicit ICMPv6 Security Group Rules - Update to version group-based-policy-7.3.1.dev54: * Fixed snat port status to be ACTIVE and UP - Update to version group-based-policy-7.3.1.dev53: * Verify aim\_epg exists before proceeding * Revert "Make DHCP provisioning blocks conditional" * Some refactoring regarding merge aim statuses - Update to version group-based-policy-7.3.1.dev47: * Bulk extension support for routers - Update to version group-based-policy-7.3.1.dev46: * [AIM] Eliminate redundant router extension content - add 0001-Remove-DDT-tests-from-tempest-plugin.patch - add 0001-Fix-unable-to-delete-subnet-in-API-tests.patch - Update to version nova-16.1.9.dev7: * Remove experimental job on openSUSE 42.3 - Update to version nova-16.1.9.dev6: * Fix misuse of nova.objects.base.obj\_equal\_prims - Update to version nova-16.1.9.dev5: * Replace non-nova server fault message - Allow to attach more than 26 volumes (bsc#1118900) * This is a forward port from SOC7 * Add 0001-Add-method-to-generate-device-names-universally.patch * Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch * Add 0003-Add-configuration-of-maximum-disk-devices-to-attach.patch - Update to version nova-16.1.9.dev7: * Remove experimental job on openSUSE 42.3 - Update to version nova-16.1.9.dev6: * Fix misuse of nova.objects.base.obj\_equal\_prims - Update to version nova-16.1.9.dev5: * Replace non-nova server fault message - add 0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patc h (SOC-9144) - update to 2.7.2: * includes fix for controller connection over SSL * enable build against openvswitch-devel to get C extensions enabled (bsc#1141121) - Added fix-xxe-in-xml-parsing.patch (CVE-2016-10127, bsc#1019074) - Add patch CVE-2019-13611.patch (SOC-9989, bsc#1141676) * python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server - Add missing dependency on python-six (bsc#1150895) - Update to version 8.20190911: * Fixing broken markup (noref) - Update to version 8.20190909: * Adding networking loop known issue (SOC-10150) * add Keystone default is still UUID (noref) * remove Known Issue-WebSSO not working (bsc#1132593) * Remove de-de from the URL again. * transfer C8 revision history from MF wiki (SCRD-7737) * Typo/grammar fixes + URL fix * remove Crowbar deprecation date (bsc#1125893) * remove comment that ovsvapp is not functional - Update to version 8.20190909: * Adding networking loop known issue (SOC-10150) * add Keystone default is still UUID (noref) * remove Known Issue-WebSSO not working (bsc#1132593) - Add python-defusedxml (bsc#1019074) rubygem-easy_diff, rubygem-rest-client-1_6: - CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802) Non-security issue fixed: - rubygem-easy_diff was updated to version 1.0.0. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2867=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2867=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2867=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-ha-5.0+git.1567673535.607aada-3.26.2 crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2 crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3 mariadb-errormessages-10.2.25-4.14.2 novnc-1.0.0-3.6.3 openstack-cinder-11.2.3~dev16-3.21.4 openstack-cinder-api-11.2.3~dev16-3.21.4 openstack-cinder-backup-11.2.3~dev16-3.21.4 openstack-cinder-doc-11.2.3~dev16-3.21.3 openstack-cinder-scheduler-11.2.3~dev16-3.21.4 openstack-cinder-volume-11.2.3~dev16-3.21.4 openstack-glance-15.0.3~dev3-3.12.4 openstack-glance-api-15.0.3~dev3-3.12.4 openstack-glance-doc-15.0.3~dev3-3.12.3 openstack-glance-registry-15.0.3~dev3-3.12.4 openstack-heat-9.0.8~dev13-3.24.4 openstack-heat-api-9.0.8~dev13-3.24.4 openstack-heat-api-cfn-9.0.8~dev13-3.24.4 openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4 openstack-heat-doc-9.0.8~dev13-3.24.3 openstack-heat-engine-9.0.8~dev13-3.24.4 openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4 openstack-heat-test-9.0.8~dev13-3.24.4 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 openstack-keystone-12.0.4~dev4-5.27.4 openstack-keystone-doc-12.0.4~dev4-5.27.3 openstack-monasca-installer-20190923_16.32-3.9.3 openstack-neutron-11.0.9~dev51-3.24.5 openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5 openstack-neutron-doc-11.0.9~dev51-3.24.4 openstack-neutron-gbp-7.3.1~dev56-3.9.4 openstack-neutron-ha-tool-11.0.9~dev51-3.24.5 openstack-neutron-l3-agent-11.0.9~dev51-3.24.5 openstack-neutron-lbaas-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4 openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5 openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5 openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5 openstack-neutron-metering-agent-11.0.9~dev51-3.24.5 openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5 openstack-neutron-server-11.0.9~dev51-3.24.5 openstack-nova-16.1.9~dev7-3.29.3 openstack-nova-api-16.1.9~dev7-3.29.3 openstack-nova-cells-16.1.9~dev7-3.29.3 openstack-nova-compute-16.1.9~dev7-3.29.3 openstack-nova-conductor-16.1.9~dev7-3.29.3 openstack-nova-console-16.1.9~dev7-3.29.3 openstack-nova-consoleauth-16.1.9~dev7-3.29.3 openstack-nova-doc-16.1.9~dev7-3.29.3 openstack-nova-novncproxy-16.1.9~dev7-3.29.3 openstack-nova-placement-api-16.1.9~dev7-3.29.3 openstack-nova-scheduler-16.1.9~dev7-3.29.3 openstack-nova-serialproxy-16.1.9~dev7-3.29.3 openstack-nova-vncproxy-16.1.9~dev7-3.29.3 python-amqp-2.2.2-3.6.3 python-cinder-11.2.3~dev16-3.21.4 python-glance-15.0.3~dev3-3.12.4 python-heat-9.0.8~dev13-3.24.4 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 python-keystone-12.0.4~dev4-5.27.4 python-neutron-11.0.9~dev51-3.24.5 python-neutron-gbp-7.3.1~dev56-3.9.4 python-neutron-lbaas-11.0.4~dev6-3.15.4 python-nova-16.1.9~dev7-3.29.3 python-pysaml2-4.0.2-5.3.3 python-urllib3-1.22-5.9.3 release-notes-suse-openstack-cloud-8.20190911-3.20.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1569597589.1f025c557-3.32.2 crowbar-core-branding-upstream-5.0+git.1569597589.1f025c557-3.32.2 galera-3-debuginfo-25.3.25-4.6.3 galera-3-debugsource-25.3.25-4.6.3 galera-3-wsrep-provider-25.3.25-4.6.3 galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3 grafana-4.6.5-4.6.3 grafana-debuginfo-4.6.5-4.6.3 grafana-debugsource-4.6.5-4.6.3 libmariadb3-3.1.2-3.12.3 libmariadb3-debuginfo-3.1.2-3.12.3 mariadb-10.2.25-4.14.2 mariadb-client-10.2.25-4.14.2 mariadb-client-debuginfo-10.2.25-4.14.2 mariadb-connector-c-debugsource-3.1.2-3.12.3 mariadb-debuginfo-10.2.25-4.14.2 mariadb-debugsource-10.2.25-4.14.2 mariadb-galera-10.2.25-4.14.2 mariadb-tools-10.2.25-4.14.2 mariadb-tools-debuginfo-10.2.25-4.14.2 python-ovs-2.7.2-3.6.1 ruby2.1-rubygem-easy_diff-1.0.0-3.4.2 - SUSE OpenStack Cloud 8 (x86_64): galera-3-debuginfo-25.3.25-4.6.3 galera-3-debugsource-25.3.25-4.6.3 galera-3-wsrep-provider-25.3.25-4.6.3 galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3 grafana-4.6.5-4.6.3 grafana-debuginfo-4.6.5-4.6.3 grafana-debugsource-4.6.5-4.6.3 libmariadb3-3.1.2-3.12.3 libmariadb3-debuginfo-3.1.2-3.12.3 mariadb-10.2.25-4.14.2 mariadb-client-10.2.25-4.14.2 mariadb-client-debuginfo-10.2.25-4.14.2 mariadb-connector-c-debugsource-3.1.2-3.12.3 mariadb-debuginfo-10.2.25-4.14.2 mariadb-debugsource-10.2.25-4.14.2 mariadb-galera-10.2.25-4.14.2 mariadb-tools-10.2.25-4.14.2 mariadb-tools-debuginfo-10.2.25-4.14.2 python-ovs-2.7.2-3.6.1 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1566374355.c509923-3.67.3 ardana-glance-8.0+git.1566376789.be0fe01-3.17.3 ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3 ardana-input-model-8.0+git.1566517401.98450e6-3.33.3 ardana-manila-8.0+git.1568835837.2452e7a-1.21.3 ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3 ardana-nova-8.0+git.1566902754.c58ff69-3.35.3 ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3 ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3 mariadb-errormessages-10.2.25-4.14.2 novnc-1.0.0-3.6.3 openstack-cinder-11.2.3~dev16-3.21.4 openstack-cinder-api-11.2.3~dev16-3.21.4 openstack-cinder-backup-11.2.3~dev16-3.21.4 openstack-cinder-doc-11.2.3~dev16-3.21.3 openstack-cinder-scheduler-11.2.3~dev16-3.21.4 openstack-cinder-volume-11.2.3~dev16-3.21.4 openstack-glance-15.0.3~dev3-3.12.4 openstack-glance-api-15.0.3~dev3-3.12.4 openstack-glance-doc-15.0.3~dev3-3.12.3 openstack-glance-registry-15.0.3~dev3-3.12.4 openstack-heat-9.0.8~dev13-3.24.4 openstack-heat-api-9.0.8~dev13-3.24.4 openstack-heat-api-cfn-9.0.8~dev13-3.24.4 openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4 openstack-heat-doc-9.0.8~dev13-3.24.3 openstack-heat-engine-9.0.8~dev13-3.24.4 openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4 openstack-heat-test-9.0.8~dev13-3.24.4 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 openstack-keystone-12.0.4~dev4-5.27.4 openstack-keystone-doc-12.0.4~dev4-5.27.3 openstack-monasca-installer-20190923_16.32-3.9.3 openstack-neutron-11.0.9~dev51-3.24.5 openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5 openstack-neutron-doc-11.0.9~dev51-3.24.4 openstack-neutron-gbp-7.3.1~dev56-3.9.4 openstack-neutron-ha-tool-11.0.9~dev51-3.24.5 openstack-neutron-l3-agent-11.0.9~dev51-3.24.5 openstack-neutron-lbaas-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4 openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5 openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5 openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5 openstack-neutron-metering-agent-11.0.9~dev51-3.24.5 openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5 openstack-neutron-server-11.0.9~dev51-3.24.5 openstack-nova-16.1.9~dev7-3.29.3 openstack-nova-api-16.1.9~dev7-3.29.3 openstack-nova-cells-16.1.9~dev7-3.29.3 openstack-nova-compute-16.1.9~dev7-3.29.3 openstack-nova-conductor-16.1.9~dev7-3.29.3 openstack-nova-console-16.1.9~dev7-3.29.3 openstack-nova-consoleauth-16.1.9~dev7-3.29.3 openstack-nova-doc-16.1.9~dev7-3.29.3 openstack-nova-novncproxy-16.1.9~dev7-3.29.3 openstack-nova-placement-api-16.1.9~dev7-3.29.3 openstack-nova-scheduler-16.1.9~dev7-3.29.3 openstack-nova-serialproxy-16.1.9~dev7-3.29.3 openstack-nova-vncproxy-16.1.9~dev7-3.29.3 python-amqp-2.2.2-3.6.3 python-cinder-11.2.3~dev16-3.21.4 python-glance-15.0.3~dev3-3.12.4 python-heat-9.0.8~dev13-3.24.4 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 python-keystone-12.0.4~dev4-5.27.4 python-neutron-11.0.9~dev51-3.24.5 python-neutron-gbp-7.3.1~dev56-3.9.4 python-neutron-lbaas-11.0.4~dev6-3.15.4 python-nova-16.1.9~dev7-3.29.3 python-pysaml2-4.0.2-5.3.3 python-python-engineio-2.0.2-3.3.3 python-urllib3-1.22-5.9.3 release-notes-suse-openstack-cloud-8.20190911-3.20.3 venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2 venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2 venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2 venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2 venv-openstack-horizon-x86_64-12.0.4~dev6-14.26.2 venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2 venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2 venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2 venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2 venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3 venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3 venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2 venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2 venv-openstack-swift-x86_64-2.15.2-11.13.3 venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2 - HPE Helion Openstack 8 (x86_64): galera-3-debuginfo-25.3.25-4.6.3 galera-3-debugsource-25.3.25-4.6.3 galera-3-wsrep-provider-25.3.25-4.6.3 galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3 grafana-4.6.5-4.6.3 grafana-debuginfo-4.6.5-4.6.3 grafana-debugsource-4.6.5-4.6.3 libmariadb3-3.1.2-3.12.3 libmariadb3-debuginfo-3.1.2-3.12.3 mariadb-10.2.25-4.14.2 mariadb-client-10.2.25-4.14.2 mariadb-client-debuginfo-10.2.25-4.14.2 mariadb-connector-c-debugsource-3.1.2-3.12.3 mariadb-debuginfo-10.2.25-4.14.2 mariadb-debugsource-10.2.25-4.14.2 mariadb-galera-10.2.25-4.14.2 mariadb-tools-10.2.25-4.14.2 mariadb-tools-debuginfo-10.2.25-4.14.2 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1566374355.c509923-3.67.3 ardana-glance-8.0+git.1566376789.be0fe01-3.17.3 ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3 ardana-input-model-8.0+git.1566517401.98450e6-3.33.3 ardana-manila-8.0+git.1568835837.2452e7a-1.21.3 ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3 ardana-nova-8.0+git.1566902754.c58ff69-3.35.3 ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3 ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3 mariadb-errormessages-10.2.25-4.14.2 novnc-1.0.0-3.6.3 openstack-cinder-11.2.3~dev16-3.21.4 openstack-cinder-api-11.2.3~dev16-3.21.4 openstack-cinder-backup-11.2.3~dev16-3.21.4 openstack-cinder-doc-11.2.3~dev16-3.21.3 openstack-cinder-scheduler-11.2.3~dev16-3.21.4 openstack-cinder-volume-11.2.3~dev16-3.21.4 openstack-glance-15.0.3~dev3-3.12.4 openstack-glance-api-15.0.3~dev3-3.12.4 openstack-glance-doc-15.0.3~dev3-3.12.3 openstack-glance-registry-15.0.3~dev3-3.12.4 openstack-heat-9.0.8~dev13-3.24.4 openstack-heat-api-9.0.8~dev13-3.24.4 openstack-heat-api-cfn-9.0.8~dev13-3.24.4 openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4 openstack-heat-doc-9.0.8~dev13-3.24.3 openstack-heat-engine-9.0.8~dev13-3.24.4 openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4 openstack-heat-test-9.0.8~dev13-3.24.4 openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 openstack-keystone-12.0.4~dev4-5.27.4 openstack-keystone-doc-12.0.4~dev4-5.27.3 openstack-monasca-installer-20190923_16.32-3.9.3 openstack-neutron-11.0.9~dev51-3.24.5 openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5 openstack-neutron-doc-11.0.9~dev51-3.24.4 openstack-neutron-gbp-7.3.1~dev56-3.9.4 openstack-neutron-ha-tool-11.0.9~dev51-3.24.5 openstack-neutron-l3-agent-11.0.9~dev51-3.24.5 openstack-neutron-lbaas-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4 openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4 openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5 openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5 openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5 openstack-neutron-metering-agent-11.0.9~dev51-3.24.5 openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5 openstack-neutron-server-11.0.9~dev51-3.24.5 openstack-nova-16.1.9~dev7-3.29.3 openstack-nova-api-16.1.9~dev7-3.29.3 openstack-nova-cells-16.1.9~dev7-3.29.3 openstack-nova-compute-16.1.9~dev7-3.29.3 openstack-nova-conductor-16.1.9~dev7-3.29.3 openstack-nova-console-16.1.9~dev7-3.29.3 openstack-nova-consoleauth-16.1.9~dev7-3.29.3 openstack-nova-doc-16.1.9~dev7-3.29.3 openstack-nova-novncproxy-16.1.9~dev7-3.29.3 openstack-nova-placement-api-16.1.9~dev7-3.29.3 openstack-nova-scheduler-16.1.9~dev7-3.29.3 openstack-nova-serialproxy-16.1.9~dev7-3.29.3 openstack-nova-vncproxy-16.1.9~dev7-3.29.3 python-amqp-2.2.2-3.6.3 python-cinder-11.2.3~dev16-3.21.4 python-glance-15.0.3~dev3-3.12.4 python-heat-9.0.8~dev13-3.24.4 python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4 python-keystone-12.0.4~dev4-5.27.4 python-neutron-11.0.9~dev51-3.24.5 python-neutron-gbp-7.3.1~dev56-3.9.4 python-neutron-lbaas-11.0.4~dev6-3.15.4 python-nova-16.1.9~dev7-3.29.3 python-pysaml2-4.0.2-5.3.3 python-python-engineio-2.0.2-3.3.3 python-urllib3-1.22-5.9.3 release-notes-hpe-helion-openstack-8.20190911-3.20.3 venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2 venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2 venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2 venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2 venv-openstack-horizon-hpe-x86_64-12.0.4~dev6-14.26.2 venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2 venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2 venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2 venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2 venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3 venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3 venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2 venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2 venv-openstack-swift-x86_64-2.15.2-11.13.3 venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2 References: https://www.suse.com/security/cve/CVE-2015-3448.html https://www.suse.com/security/cve/CVE-2016-10127.html https://www.suse.com/security/cve/CVE-2018-15727.html https://www.suse.com/security/cve/CVE-2018-19039.html https://www.suse.com/security/cve/CVE-2018-558213.html https://www.suse.com/security/cve/CVE-2019-13611.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2628.html https://www.suse.com/security/cve/CVE-2019-5477.html https://bugzilla.suse.com/1019074 https://bugzilla.suse.com/1096985 https://bugzilla.suse.com/1106515 https://bugzilla.suse.com/1115960 https://bugzilla.suse.com/1116846 https://bugzilla.suse.com/1118900 https://bugzilla.suse.com/1120657 https://bugzilla.suse.com/1125893 https://bugzilla.suse.com/1126088 https://bugzilla.suse.com/1132593 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136035 https://bugzilla.suse.com/1141121 https://bugzilla.suse.com/1141676 https://bugzilla.suse.com/1143215 https://bugzilla.suse.com/1145796 https://bugzilla.suse.com/1146578 https://bugzilla.suse.com/1148158 https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1150895 https://bugzilla.suse.com/917802 From sle-security-updates at lists.suse.com Wed Oct 30 11:16:03 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Oct 2019 18:16:03 +0100 (CET) Subject: SUSE-SU-2019:2859-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15) Message-ID: <20191030171603.DB19FF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2859-1 Rating: important References: #1144903 #1149841 #1153108 #1153158 #1153161 Cross-References: CVE-2019-10220 CVE-2019-17133 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for the Linux Kernel 4.12.14-150_35 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2865=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2859=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2849=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_18-default-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_35-default-2-2.1 kernel-livepatch-4_12_14-150_35-default-debuginfo-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_32-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2019-10220.html https://www.suse.com/security/cve/CVE-2019-17133.html https://bugzilla.suse.com/1144903 https://bugzilla.suse.com/1149841 https://bugzilla.suse.com/1153108 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153161 From sle-security-updates at lists.suse.com Thu Oct 31 05:17:18 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 31 Oct 2019 12:17:18 +0100 (CET) Subject: SUSE-SU-2019:2872-1: important: Security update for MozillaFirefox Message-ID: <20191031111718.09982F798@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2872-1 Rating: important References: #1010399 #1010405 #1010406 #1010408 #1010409 #1010421 #1010423 #1010424 #1010425 #1010426 #1025108 #1043008 #1047281 #1074235 #1092611 #1120374 #1137990 #1149429 #1154738 #959933 #983922 Cross-References: CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 51 vulnerabilities is now available. Description: This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2872=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2872=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2872=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2872=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2872=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2872=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2872=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2872=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2872=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2872=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2872=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2872=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2872=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2872=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2872=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2872=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2872=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2872=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-devel-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-68.2.0-109.95.2 MozillaFirefox-debuginfo-68.2.0-109.95.2 MozillaFirefox-debugsource-68.2.0-109.95.2 MozillaFirefox-translations-common-68.2.0-109.95.2 References: https://www.suse.com/security/cve/CVE-2016-2830.html https://www.suse.com/security/cve/CVE-2016-5289.html https://www.suse.com/security/cve/CVE-2016-5292.html https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2016-9067.html https://www.suse.com/security/cve/CVE-2016-9068.html https://www.suse.com/security/cve/CVE-2016-9069.html https://www.suse.com/security/cve/CVE-2016-9071.html https://www.suse.com/security/cve/CVE-2016-9073.html https://www.suse.com/security/cve/CVE-2016-9075.html https://www.suse.com/security/cve/CVE-2016-9076.html https://www.suse.com/security/cve/CVE-2016-9077.html https://www.suse.com/security/cve/CVE-2017-7789.html https://www.suse.com/security/cve/CVE-2018-5150.html https://www.suse.com/security/cve/CVE-2018-5151.html https://www.suse.com/security/cve/CVE-2018-5152.html https://www.suse.com/security/cve/CVE-2018-5153.html https://www.suse.com/security/cve/CVE-2018-5154.html https://www.suse.com/security/cve/CVE-2018-5155.html https://www.suse.com/security/cve/CVE-2018-5157.html https://www.suse.com/security/cve/CVE-2018-5158.html https://www.suse.com/security/cve/CVE-2018-5159.html https://www.suse.com/security/cve/CVE-2018-5160.html https://www.suse.com/security/cve/CVE-2018-5163.html https://www.suse.com/security/cve/CVE-2018-5164.html https://www.suse.com/security/cve/CVE-2018-5165.html https://www.suse.com/security/cve/CVE-2018-5166.html https://www.suse.com/security/cve/CVE-2018-5167.html https://www.suse.com/security/cve/CVE-2018-5168.html https://www.suse.com/security/cve/CVE-2018-5169.html https://www.suse.com/security/cve/CVE-2018-5172.html https://www.suse.com/security/cve/CVE-2018-5173.html https://www.suse.com/security/cve/CVE-2018-5174.html https://www.suse.com/security/cve/CVE-2018-5175.html https://www.suse.com/security/cve/CVE-2018-5176.html https://www.suse.com/security/cve/CVE-2018-5177.html https://www.suse.com/security/cve/CVE-2018-5178.html https://www.suse.com/security/cve/CVE-2018-5179.html https://www.suse.com/security/cve/CVE-2018-5180.html https://www.suse.com/security/cve/CVE-2018-5181.html https://www.suse.com/security/cve/CVE-2018-5182.html https://www.suse.com/security/cve/CVE-2018-5183.html https://www.suse.com/security/cve/CVE-2019-11757.html https://www.suse.com/security/cve/CVE-2019-11758.html https://www.suse.com/security/cve/CVE-2019-11759.html https://www.suse.com/security/cve/CVE-2019-11760.html https://www.suse.com/security/cve/CVE-2019-11761.html https://www.suse.com/security/cve/CVE-2019-11762.html https://www.suse.com/security/cve/CVE-2019-11763.html https://www.suse.com/security/cve/CVE-2019-11764.html https://www.suse.com/security/cve/CVE-2019-15903.html https://bugzilla.suse.com/1010399 https://bugzilla.suse.com/1010405 https://bugzilla.suse.com/1010406 https://bugzilla.suse.com/1010408 https://bugzilla.suse.com/1010409 https://bugzilla.suse.com/1010421 https://bugzilla.suse.com/1010423 https://bugzilla.suse.com/1010424 https://bugzilla.suse.com/1010425 https://bugzilla.suse.com/1010426 https://bugzilla.suse.com/1025108 https://bugzilla.suse.com/1043008 https://bugzilla.suse.com/1047281 https://bugzilla.suse.com/1074235 https://bugzilla.suse.com/1092611 https://bugzilla.suse.com/1120374 https://bugzilla.suse.com/1137990 https://bugzilla.suse.com/1149429 https://bugzilla.suse.com/1154738 https://bugzilla.suse.com/959933 https://bugzilla.suse.com/983922 From sle-security-updates at lists.suse.com Thu Oct 31 05:22:47 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 31 Oct 2019 12:22:47 +0100 (CET) Subject: SUSE-SU-2019:2871-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Message-ID: <20191031112247.662BFF798@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2871-1 Rating: important References: #1104841 #1129528 #1137990 #1149429 #1151186 #1153423 #1153869 #1154738 Cross-References: CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: - Moved extensions preferences to core package (bsc#1153869). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2871=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2871=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2871=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2871=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-68.2.0-3.59.1 MozillaFirefox-debuginfo-68.2.0-3.59.1 MozillaFirefox-debugsource-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): MozillaFirefox-buildsymbols-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): MozillaFirefox-devel-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-branding-upstream-68.2.0-3.59.1 MozillaFirefox-debuginfo-68.2.0-3.59.1 MozillaFirefox-debugsource-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.2.0-3.59.1 MozillaFirefox-branding-SLE-68-4.11.2 MozillaFirefox-debuginfo-68.2.0-3.59.1 MozillaFirefox-debugsource-68.2.0-3.59.1 MozillaFirefox-translations-common-68.2.0-3.59.1 MozillaFirefox-translations-other-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-68.2.0-3.59.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-68.2.0-3.59.1 MozillaFirefox-branding-SLE-68-4.11.2 MozillaFirefox-debuginfo-68.2.0-3.59.1 MozillaFirefox-debugsource-68.2.0-3.59.1 MozillaFirefox-devel-68.2.0-3.59.1 MozillaFirefox-translations-common-68.2.0-3.59.1 MozillaFirefox-translations-other-68.2.0-3.59.1 References: https://www.suse.com/security/cve/CVE-2019-11757.html https://www.suse.com/security/cve/CVE-2019-11758.html https://www.suse.com/security/cve/CVE-2019-11759.html https://www.suse.com/security/cve/CVE-2019-11760.html https://www.suse.com/security/cve/CVE-2019-11761.html https://www.suse.com/security/cve/CVE-2019-11762.html https://www.suse.com/security/cve/CVE-2019-11763.html https://www.suse.com/security/cve/CVE-2019-11764.html https://www.suse.com/security/cve/CVE-2019-15903.html https://bugzilla.suse.com/1104841 https://bugzilla.suse.com/1129528 https://bugzilla.suse.com/1137990 https://bugzilla.suse.com/1149429 https://bugzilla.suse.com/1151186 https://bugzilla.suse.com/1153423 https://bugzilla.suse.com/1153869 https://bugzilla.suse.com/1154738 From sle-security-updates at lists.suse.com Thu Oct 31 14:13:12 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 31 Oct 2019 21:13:12 +0100 (CET) Subject: SUSE-SU-2019:2879-1: important: Security update for the Linux Kernel Message-ID: <20191031201312.178D9F798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2879-1 Rating: important References: #1046299 #1046303 #1046305 #1050244 #1050536 #1050545 #1051510 #1054914 #1055117 #1055186 #1061840 #1064802 #1065600 #1065729 #1066129 #1071995 #1073513 #1082555 #1086323 #1087092 #1089644 #1093205 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1098291 #1101674 #1104967 #1109158 #1113722 #1114279 #1117665 #1119086 #1122363 #1123034 #1123080 #1127155 #1127988 #1131304 #1133140 #1134303 #1135642 #1135854 #1135873 #1137799 #1137861 #1137865 #1137959 #1140155 #1140729 #1140845 #1140883 #1141600 #1142076 #1142635 #1142667 #1144375 #1144449 #1145099 #1146042 #1146519 #1146540 #1146664 #1148133 #1148410 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150381 #1150423 #1150452 #1150465 #1150875 #1151350 #1151508 #1151610 #1151667 #1151671 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152788 #1152791 #1152972 #1152974 #1152975 #1153112 #1153158 #1153236 #1153263 #1153646 #1153713 #1153717 #1153718 #1153719 #1153811 #1154108 #1154189 #1154354 #1154372 #1154578 #1154607 #1154608 #1154610 #1154611 #1154651 #1154747 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 112 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES="xz" in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake "missin_resp" -> "missing_resp" (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "Revert "rpm/kernel-binary.spec.in: rename kGraft to KLP ()"" This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2879=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2879=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2879=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2879=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2879=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-extra-4.12.14-95.37.1 kernel-default-extra-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.37.1 kernel-obs-build-debugsource-4.12.14-95.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.37.1 kernel-default-base-4.12.14-95.37.1 kernel-default-base-debuginfo-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-devel-4.12.14-95.37.1 kernel-syms-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.37.1 kernel-macros-4.12.14-95.37.1 kernel-source-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.37.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.37.1 cluster-md-kmp-default-debuginfo-4.12.14-95.37.1 dlm-kmp-default-4.12.14-95.37.1 dlm-kmp-default-debuginfo-4.12.14-95.37.1 gfs2-kmp-default-4.12.14-95.37.1 gfs2-kmp-default-debuginfo-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 ocfs2-kmp-default-4.12.14-95.37.1 ocfs2-kmp-default-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-devel-4.12.14-95.37.1 kernel-default-devel-debuginfo-4.12.14-95.37.1 kernel-default-extra-4.12.14-95.37.1 kernel-default-extra-debuginfo-4.12.14-95.37.1 kernel-syms-4.12.14-95.37.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.37.1 kernel-macros-4.12.14-95.37.1 kernel-source-4.12.14-95.37.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-16232.html https://www.suse.com/security/cve/CVE-2019-16234.html https://www.suse.com/security/cve/CVE-2019-17056.html https://www.suse.com/security/cve/CVE-2019-17133.html https://www.suse.com/security/cve/CVE-2019-17666.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1098291 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1117665 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1122363 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1133140 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135854 https://bugzilla.suse.com/1135873 https://bugzilla.suse.com/1137799 https://bugzilla.suse.com/1137861 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140729 https://bugzilla.suse.com/1140845 https://bugzilla.suse.com/1140883 https://bugzilla.suse.com/1141600 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142667 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144449 https://bugzilla.suse.com/1145099 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148410 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150452 https://bugzilla.suse.com/1150465 https://bugzilla.suse.com/1150875 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151508 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151671 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152788 https://bugzilla.suse.com/1152791 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 https://bugzilla.suse.com/1153112 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153236 https://bugzilla.suse.com/1153263 https://bugzilla.suse.com/1153646 https://bugzilla.suse.com/1153713 https://bugzilla.suse.com/1153717 https://bugzilla.suse.com/1153718 https://bugzilla.suse.com/1153719 https://bugzilla.suse.com/1153811 https://bugzilla.suse.com/1154108 https://bugzilla.suse.com/1154189 https://bugzilla.suse.com/1154354 https://bugzilla.suse.com/1154372 https://bugzilla.suse.com/1154578 https://bugzilla.suse.com/1154607 https://bugzilla.suse.com/1154608 https://bugzilla.suse.com/1154610 https://bugzilla.suse.com/1154611 https://bugzilla.suse.com/1154651 https://bugzilla.suse.com/1154747 From sle-security-updates at lists.suse.com Thu Oct 31 14:29:32 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 31 Oct 2019 21:29:32 +0100 (CET) Subject: SUSE-SU-2019:2879-1: important: Security update for the Linux Kernel Message-ID: <20191031202932.DF1FEF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2879-1 Rating: important References: #1046299 #1046303 #1046305 #1050244 #1050536 #1050545 #1051510 #1054914 #1055117 #1055186 #1061840 #1064802 #1065600 #1065729 #1066129 #1071995 #1073513 #1082555 #1086323 #1087092 #1089644 #1093205 #1097583 #1097584 #1097585 #1097586 #1097587 #1097588 #1098291 #1101674 #1104967 #1109158 #1113722 #1114279 #1117665 #1119086 #1122363 #1123034 #1123080 #1127155 #1127988 #1131304 #1133140 #1134303 #1135642 #1135854 #1135873 #1137799 #1137861 #1137865 #1137959 #1140155 #1140729 #1140845 #1140883 #1141600 #1142076 #1142635 #1142667 #1144375 #1144449 #1145099 #1146042 #1146519 #1146540 #1146664 #1148133 #1148410 #1148712 #1148868 #1149313 #1149446 #1149555 #1149651 #1150381 #1150423 #1150452 #1150465 #1150875 #1151350 #1151508 #1151610 #1151667 #1151671 #1151680 #1151891 #1151955 #1152024 #1152025 #1152026 #1152161 #1152325 #1152457 #1152460 #1152466 #1152788 #1152791 #1152972 #1152974 #1152975 #1153112 #1153158 #1153236 #1153263 #1153646 #1153713 #1153717 #1153718 #1153719 #1153811 #1154108 #1154189 #1154354 #1154372 #1154578 #1154607 #1154608 #1154610 #1154611 #1154651 #1154747 Cross-References: CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 112 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka "KNOB") that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES="xz" in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert "[media] marvell-ccic: reset ccic phy when stop streaming for stability" (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake "missin_resp" -> "missing_resp" (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert "mwifiex: fix system hang problem after resume" (bsc#1051510). - Revert "Revert "rpm/kernel-binary.spec.in: rename kGraft to KLP ()"" This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake "initializatin" -> "initialization" (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter "dev_t line" (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2879=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2879=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2879=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2879=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2879=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2879=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-extra-4.12.14-95.37.1 kernel-default-extra-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.37.1 kernel-obs-build-debugsource-4.12.14-95.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.37.1 kernel-default-base-4.12.14-95.37.1 kernel-default-base-debuginfo-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-devel-4.12.14-95.37.1 kernel-syms-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.37.1 kernel-macros-4.12.14-95.37.1 kernel-source-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.37.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_37-default-1-6.5.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.37.1 cluster-md-kmp-default-debuginfo-4.12.14-95.37.1 dlm-kmp-default-4.12.14-95.37.1 dlm-kmp-default-debuginfo-4.12.14-95.37.1 gfs2-kmp-default-4.12.14-95.37.1 gfs2-kmp-default-debuginfo-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 ocfs2-kmp-default-4.12.14-95.37.1 ocfs2-kmp-default-debuginfo-4.12.14-95.37.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.37.1 kernel-default-debuginfo-4.12.14-95.37.1 kernel-default-debugsource-4.12.14-95.37.1 kernel-default-devel-4.12.14-95.37.1 kernel-default-devel-debuginfo-4.12.14-95.37.1 kernel-default-extra-4.12.14-95.37.1 kernel-default-extra-debuginfo-4.12.14-95.37.1 kernel-syms-4.12.14-95.37.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.37.1 kernel-macros-4.12.14-95.37.1 kernel-source-4.12.14-95.37.1 References: https://www.suse.com/security/cve/CVE-2017-18595.html https://www.suse.com/security/cve/CVE-2019-14821.html https://www.suse.com/security/cve/CVE-2019-15291.html https://www.suse.com/security/cve/CVE-2019-16232.html https://www.suse.com/security/cve/CVE-2019-16234.html https://www.suse.com/security/cve/CVE-2019-17056.html https://www.suse.com/security/cve/CVE-2019-17133.html https://www.suse.com/security/cve/CVE-2019-17666.html https://www.suse.com/security/cve/CVE-2019-9506.html https://bugzilla.suse.com/1046299 https://bugzilla.suse.com/1046303 https://bugzilla.suse.com/1046305 https://bugzilla.suse.com/1050244 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1073513 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1086323 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1097583 https://bugzilla.suse.com/1097584 https://bugzilla.suse.com/1097585 https://bugzilla.suse.com/1097586 https://bugzilla.suse.com/1097587 https://bugzilla.suse.com/1097588 https://bugzilla.suse.com/1098291 https://bugzilla.suse.com/1101674 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109158 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1117665 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1122363 https://bugzilla.suse.com/1123034 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127988 https://bugzilla.suse.com/1131304 https://bugzilla.suse.com/1133140 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135854 https://bugzilla.suse.com/1135873 https://bugzilla.suse.com/1137799 https://bugzilla.suse.com/1137861 https://bugzilla.suse.com/1137865 https://bugzilla.suse.com/1137959 https://bugzilla.suse.com/1140155 https://bugzilla.suse.com/1140729 https://bugzilla.suse.com/1140845 https://bugzilla.suse.com/1140883 https://bugzilla.suse.com/1141600 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142667 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144449 https://bugzilla.suse.com/1145099 https://bugzilla.suse.com/1146042 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146540 https://bugzilla.suse.com/1146664 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148410 https://bugzilla.suse.com/1148712 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149313 https://bugzilla.suse.com/1149446 https://bugzilla.suse.com/1149555 https://bugzilla.suse.com/1149651 https://bugzilla.suse.com/1150381 https://bugzilla.suse.com/1150423 https://bugzilla.suse.com/1150452 https://bugzilla.suse.com/1150465 https://bugzilla.suse.com/1150875 https://bugzilla.suse.com/1151350 https://bugzilla.suse.com/1151508 https://bugzilla.suse.com/1151610 https://bugzilla.suse.com/1151667 https://bugzilla.suse.com/1151671 https://bugzilla.suse.com/1151680 https://bugzilla.suse.com/1151891 https://bugzilla.suse.com/1151955 https://bugzilla.suse.com/1152024 https://bugzilla.suse.com/1152025 https://bugzilla.suse.com/1152026 https://bugzilla.suse.com/1152161 https://bugzilla.suse.com/1152325 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152460 https://bugzilla.suse.com/1152466 https://bugzilla.suse.com/1152788 https://bugzilla.suse.com/1152791 https://bugzilla.suse.com/1152972 https://bugzilla.suse.com/1152974 https://bugzilla.suse.com/1152975 https://bugzilla.suse.com/1153112 https://bugzilla.suse.com/1153158 https://bugzilla.suse.com/1153236 https://bugzilla.suse.com/1153263 https://bugzilla.suse.com/1153646 https://bugzilla.suse.com/1153713 https://bugzilla.suse.com/1153717 https://bugzilla.suse.com/1153718 https://bugzilla.suse.com/1153719 https://bugzilla.suse.com/1153811 https://bugzilla.suse.com/1154108 https://bugzilla.suse.com/1154189 https://bugzilla.suse.com/1154354 https://bugzilla.suse.com/1154372 https://bugzilla.suse.com/1154578 https://bugzilla.suse.com/1154607 https://bugzilla.suse.com/1154608 https://bugzilla.suse.com/1154610 https://bugzilla.suse.com/1154611 https://bugzilla.suse.com/1154651 https://bugzilla.suse.com/1154747 From sle-security-updates at lists.suse.com Thu Oct 31 11:15:44 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 31 Oct 2019 18:15:44 +0100 (CET) Subject: SUSE-SU-2019:2875-1: important: Security update for samba Message-ID: <20191031171544.C6008F798@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2875-1 Rating: important References: #1144902 Cross-References: CVE-2019-10218 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2875=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2875=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2875=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2875=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2875=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2875=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2019-2875=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-atsvc0-4.2.4-28.36.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.36.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.36.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ctdb-4.2.4-28.36.1 ctdb-debuginfo-4.2.4-28.36.1 libdcerpc-binding0-32bit-4.2.4-28.36.1 libdcerpc-binding0-4.2.4-28.36.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.36.1 libdcerpc-binding0-debuginfo-4.2.4-28.36.1 libdcerpc0-32bit-4.2.4-28.36.1 libdcerpc0-4.2.4-28.36.1 libdcerpc0-debuginfo-32bit-4.2.4-28.36.1 libdcerpc0-debuginfo-4.2.4-28.36.1 libgensec0-32bit-4.2.4-28.36.1 libgensec0-4.2.4-28.36.1 libgensec0-debuginfo-32bit-4.2.4-28.36.1 libgensec0-debuginfo-4.2.4-28.36.1 libndr-krb5pac0-32bit-4.2.4-28.36.1 libndr-krb5pac0-4.2.4-28.36.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.36.1 libndr-krb5pac0-debuginfo-4.2.4-28.36.1 libndr-nbt0-32bit-4.2.4-28.36.1 libndr-nbt0-4.2.4-28.36.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.36.1 libndr-nbt0-debuginfo-4.2.4-28.36.1 libndr-standard0-32bit-4.2.4-28.36.1 libndr-standard0-4.2.4-28.36.1 libndr-standard0-debuginfo-32bit-4.2.4-28.36.1 libndr-standard0-debuginfo-4.2.4-28.36.1 libndr0-32bit-4.2.4-28.36.1 libndr0-4.2.4-28.36.1 libndr0-debuginfo-32bit-4.2.4-28.36.1 libndr0-debuginfo-4.2.4-28.36.1 libnetapi0-32bit-4.2.4-28.36.1 libnetapi0-4.2.4-28.36.1 libnetapi0-debuginfo-32bit-4.2.4-28.36.1 libnetapi0-debuginfo-4.2.4-28.36.1 libregistry0-4.2.4-28.36.1 libregistry0-debuginfo-4.2.4-28.36.1 libsamba-credentials0-32bit-4.2.4-28.36.1 libsamba-credentials0-4.2.4-28.36.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.36.1 libsamba-credentials0-debuginfo-4.2.4-28.36.1 libsamba-hostconfig0-32bit-4.2.4-28.36.1 libsamba-hostconfig0-4.2.4-28.36.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.36.1 libsamba-hostconfig0-debuginfo-4.2.4-28.36.1 libsamba-passdb0-32bit-4.2.4-28.36.1 libsamba-passdb0-4.2.4-28.36.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.36.1 libsamba-passdb0-debuginfo-4.2.4-28.36.1 libsamba-util0-32bit-4.2.4-28.36.1 libsamba-util0-4.2.4-28.36.1 libsamba-util0-debuginfo-32bit-4.2.4-28.36.1 libsamba-util0-debuginfo-4.2.4-28.36.1 libsamdb0-32bit-4.2.4-28.36.1 libsamdb0-4.2.4-28.36.1 libsamdb0-debuginfo-32bit-4.2.4-28.36.1 libsamdb0-debuginfo-4.2.4-28.36.1 libsmbclient-raw0-32bit-4.2.4-28.36.1 libsmbclient-raw0-4.2.4-28.36.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.36.1 libsmbclient-raw0-debuginfo-4.2.4-28.36.1 libsmbclient0-32bit-4.2.4-28.36.1 libsmbclient0-4.2.4-28.36.1 libsmbclient0-debuginfo-32bit-4.2.4-28.36.1 libsmbclient0-debuginfo-4.2.4-28.36.1 libsmbconf0-32bit-4.2.4-28.36.1 libsmbconf0-4.2.4-28.36.1 libsmbconf0-debuginfo-32bit-4.2.4-28.36.1 libsmbconf0-debuginfo-4.2.4-28.36.1 libsmbldap0-32bit-4.2.4-28.36.1 libsmbldap0-4.2.4-28.36.1 libsmbldap0-debuginfo-32bit-4.2.4-28.36.1 libsmbldap0-debuginfo-4.2.4-28.36.1 libtevent-util0-32bit-4.2.4-28.36.1 libtevent-util0-4.2.4-28.36.1 libtevent-util0-debuginfo-32bit-4.2.4-28.36.1 libtevent-util0-debuginfo-4.2.4-28.36.1 libwbclient0-32bit-4.2.4-28.36.1 libwbclient0-4.2.4-28.36.1 libwbclient0-debuginfo-32bit-4.2.4-28.36.1 libwbclient0-debuginfo-4.2.4-28.36.1 samba-32bit-4.2.4-28.36.1 samba-4.2.4-28.36.1 samba-client-32bit-4.2.4-28.36.1 samba-client-4.2.4-28.36.1 samba-client-debuginfo-32bit-4.2.4-28.36.1 samba-client-debuginfo-4.2.4-28.36.1 samba-debuginfo-32bit-4.2.4-28.36.1 samba-debuginfo-4.2.4-28.36.1 samba-debugsource-4.2.4-28.36.1 samba-libs-32bit-4.2.4-28.36.1 samba-libs-4.2.4-28.36.1 samba-libs-debuginfo-32bit-4.2.4-28.36.1 samba-libs-debuginfo-4.2.4-28.36.1 samba-winbind-32bit-4.2.4-28.36.1 samba-winbind-4.2.4-28.36.1 samba-winbind-debuginfo-32bit-4.2.4-28.36.1 samba-winbind-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-atsvc0-4.2.4-28.36.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-atsvc0-4.2.4-28.36.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-28.36.1 ctdb-debuginfo-4.2.4-28.36.1 libdcerpc-binding0-4.2.4-28.36.1 libdcerpc-binding0-debuginfo-4.2.4-28.36.1 libdcerpc0-4.2.4-28.36.1 libdcerpc0-debuginfo-4.2.4-28.36.1 libgensec0-4.2.4-28.36.1 libgensec0-debuginfo-4.2.4-28.36.1 libndr-krb5pac0-4.2.4-28.36.1 libndr-krb5pac0-debuginfo-4.2.4-28.36.1 libndr-nbt0-4.2.4-28.36.1 libndr-nbt0-debuginfo-4.2.4-28.36.1 libndr-standard0-4.2.4-28.36.1 libndr-standard0-debuginfo-4.2.4-28.36.1 libndr0-4.2.4-28.36.1 libndr0-debuginfo-4.2.4-28.36.1 libnetapi0-4.2.4-28.36.1 libnetapi0-debuginfo-4.2.4-28.36.1 libregistry0-4.2.4-28.36.1 libregistry0-debuginfo-4.2.4-28.36.1 libsamba-credentials0-4.2.4-28.36.1 libsamba-credentials0-debuginfo-4.2.4-28.36.1 libsamba-hostconfig0-4.2.4-28.36.1 libsamba-hostconfig0-debuginfo-4.2.4-28.36.1 libsamba-passdb0-4.2.4-28.36.1 libsamba-passdb0-debuginfo-4.2.4-28.36.1 libsamba-util0-4.2.4-28.36.1 libsamba-util0-debuginfo-4.2.4-28.36.1 libsamdb0-4.2.4-28.36.1 libsamdb0-debuginfo-4.2.4-28.36.1 libsmbclient-raw0-4.2.4-28.36.1 libsmbclient-raw0-debuginfo-4.2.4-28.36.1 libsmbclient0-4.2.4-28.36.1 libsmbclient0-debuginfo-4.2.4-28.36.1 libsmbconf0-4.2.4-28.36.1 libsmbconf0-debuginfo-4.2.4-28.36.1 libsmbldap0-4.2.4-28.36.1 libsmbldap0-debuginfo-4.2.4-28.36.1 libtevent-util0-4.2.4-28.36.1 libtevent-util0-debuginfo-4.2.4-28.36.1 libwbclient0-4.2.4-28.36.1 libwbclient0-debuginfo-4.2.4-28.36.1 samba-4.2.4-28.36.1 samba-client-4.2.4-28.36.1 samba-client-debuginfo-4.2.4-28.36.1 samba-debuginfo-4.2.4-28.36.1 samba-debugsource-4.2.4-28.36.1 samba-libs-4.2.4-28.36.1 samba-libs-debuginfo-4.2.4-28.36.1 samba-winbind-4.2.4-28.36.1 samba-winbind-debuginfo-4.2.4-28.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.36.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.36.1 libdcerpc0-32bit-4.2.4-28.36.1 libdcerpc0-debuginfo-32bit-4.2.4-28.36.1 libgensec0-32bit-4.2.4-28.36.1 libgensec0-debuginfo-32bit-4.2.4-28.36.1 libndr-krb5pac0-32bit-4.2.4-28.36.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.36.1 libndr-nbt0-32bit-4.2.4-28.36.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.36.1 libndr-standard0-32bit-4.2.4-28.36.1 libndr-standard0-debuginfo-32bit-4.2.4-28.36.1 libndr0-32bit-4.2.4-28.36.1 libndr0-debuginfo-32bit-4.2.4-28.36.1 libnetapi0-32bit-4.2.4-28.36.1 libnetapi0-debuginfo-32bit-4.2.4-28.36.1 libsamba-credentials0-32bit-4.2.4-28.36.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.36.1 libsamba-hostconfig0-32bit-4.2.4-28.36.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.36.1 libsamba-passdb0-32bit-4.2.4-28.36.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.36.1 libsamba-util0-32bit-4.2.4-28.36.1 libsamba-util0-debuginfo-32bit-4.2.4-28.36.1 libsamdb0-32bit-4.2.4-28.36.1 libsamdb0-debuginfo-32bit-4.2.4-28.36.1 libsmbclient-raw0-32bit-4.2.4-28.36.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.36.1 libsmbclient0-32bit-4.2.4-28.36.1 libsmbclient0-debuginfo-32bit-4.2.4-28.36.1 libsmbconf0-32bit-4.2.4-28.36.1 libsmbconf0-debuginfo-32bit-4.2.4-28.36.1 libsmbldap0-32bit-4.2.4-28.36.1 libsmbldap0-debuginfo-32bit-4.2.4-28.36.1 libtevent-util0-32bit-4.2.4-28.36.1 libtevent-util0-debuginfo-32bit-4.2.4-28.36.1 libwbclient0-32bit-4.2.4-28.36.1 libwbclient0-debuginfo-32bit-4.2.4-28.36.1 samba-32bit-4.2.4-28.36.1 samba-client-32bit-4.2.4-28.36.1 samba-client-debuginfo-32bit-4.2.4-28.36.1 samba-debuginfo-32bit-4.2.4-28.36.1 samba-libs-32bit-4.2.4-28.36.1 samba-libs-debuginfo-32bit-4.2.4-28.36.1 samba-winbind-32bit-4.2.4-28.36.1 samba-winbind-debuginfo-32bit-4.2.4-28.36.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.36.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.36.1 ctdb-debuginfo-4.2.4-28.36.1 References: https://www.suse.com/security/cve/CVE-2019-10218.html https://bugzilla.suse.com/1144902