From sle-security-updates at lists.suse.com Thu Oct 1 07:14:39 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Oct 2020 15:14:39 +0200 (CEST) Subject: SUSE-SU-2020:2813-1: important: Security update for nodejs12 Message-ID: <20201001131439.3229AFCFD@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2813-1 Rating: important References: #1172686 #1173937 #1176589 #1176605 Cross-References: CVE-2020-15095 CVE-2020-8201 CVE-2020-8252 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605). - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2813=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.18.4-4.6.1 nodejs12-debuginfo-12.18.4-4.6.1 nodejs12-debugsource-12.18.4-4.6.1 nodejs12-devel-12.18.4-4.6.1 npm12-12.18.4-4.6.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.18.4-4.6.1 References: https://www.suse.com/security/cve/CVE-2020-15095.html https://www.suse.com/security/cve/CVE-2020-8201.html https://www.suse.com/security/cve/CVE-2020-8252.html https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1173937 https://bugzilla.suse.com/1176589 https://bugzilla.suse.com/1176605 From sle-security-updates at lists.suse.com Thu Oct 1 07:17:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Oct 2020 15:17:50 +0200 (CEST) Subject: SUSE-SU-2020:2812-1: important: Security update for nodejs12 Message-ID: <20201001131750.48F55FCFD@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2812-1 Rating: important References: #1172686 #1173937 #1176589 #1176605 Cross-References: CVE-2020-15095 CVE-2020-8201 CVE-2020-8252 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605). - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2812=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.18.4-1.20.1 nodejs12-debuginfo-12.18.4-1.20.1 nodejs12-debugsource-12.18.4-1.20.1 nodejs12-devel-12.18.4-1.20.1 npm12-12.18.4-1.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.18.4-1.20.1 References: https://www.suse.com/security/cve/CVE-2020-15095.html https://www.suse.com/security/cve/CVE-2020-8201.html https://www.suse.com/security/cve/CVE-2020-8252.html https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1173937 https://bugzilla.suse.com/1176589 https://bugzilla.suse.com/1176605 From sle-security-updates at lists.suse.com Thu Oct 1 07:25:36 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Oct 2020 15:25:36 +0200 (CEST) Subject: SUSE-SU-2020:2814-1: moderate: Security update for permissions Message-ID: <20201001132536.68AC1FCFD@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2814-1 Rating: moderate References: #1161335 #1176625 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2814=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2814=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2814=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2814=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): permissions-20180125-3.30.1 permissions-debuginfo-20180125-3.30.1 permissions-debugsource-20180125-3.30.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): permissions-20180125-3.30.1 permissions-debuginfo-20180125-3.30.1 permissions-debugsource-20180125-3.30.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): permissions-20180125-3.30.1 permissions-debuginfo-20180125-3.30.1 permissions-debugsource-20180125-3.30.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): permissions-20180125-3.30.1 permissions-debuginfo-20180125-3.30.1 permissions-debugsource-20180125-3.30.1 References: https://bugzilla.suse.com/1161335 https://bugzilla.suse.com/1176625 From sle-security-updates at lists.suse.com Thu Oct 1 10:14:48 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Oct 2020 18:14:48 +0200 (CEST) Subject: SUSE-SU-2020:2822-1: important: Security update for xen Message-ID: <20201001161448.910DDFCFD@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2822-1 Rating: important References: #1172205 #1173378 #1173380 #1175534 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205,XSA-320) - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2822=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2822=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2822=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2822=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): xen-4.7.6_10-43.67.1 xen-debugsource-4.7.6_10-43.67.1 xen-doc-html-4.7.6_10-43.67.1 xen-libs-32bit-4.7.6_10-43.67.1 xen-libs-4.7.6_10-43.67.1 xen-libs-debuginfo-32bit-4.7.6_10-43.67.1 xen-libs-debuginfo-4.7.6_10-43.67.1 xen-tools-4.7.6_10-43.67.1 xen-tools-debuginfo-4.7.6_10-43.67.1 xen-tools-domU-4.7.6_10-43.67.1 xen-tools-domU-debuginfo-4.7.6_10-43.67.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): xen-4.7.6_10-43.67.1 xen-debugsource-4.7.6_10-43.67.1 xen-doc-html-4.7.6_10-43.67.1 xen-libs-32bit-4.7.6_10-43.67.1 xen-libs-4.7.6_10-43.67.1 xen-libs-debuginfo-32bit-4.7.6_10-43.67.1 xen-libs-debuginfo-4.7.6_10-43.67.1 xen-tools-4.7.6_10-43.67.1 xen-tools-debuginfo-4.7.6_10-43.67.1 xen-tools-domU-4.7.6_10-43.67.1 xen-tools-domU-debuginfo-4.7.6_10-43.67.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): xen-4.7.6_10-43.67.1 xen-debugsource-4.7.6_10-43.67.1 xen-doc-html-4.7.6_10-43.67.1 xen-libs-32bit-4.7.6_10-43.67.1 xen-libs-4.7.6_10-43.67.1 xen-libs-debuginfo-32bit-4.7.6_10-43.67.1 xen-libs-debuginfo-4.7.6_10-43.67.1 xen-tools-4.7.6_10-43.67.1 xen-tools-debuginfo-4.7.6_10-43.67.1 xen-tools-domU-4.7.6_10-43.67.1 xen-tools-domU-debuginfo-4.7.6_10-43.67.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_10-43.67.1 xen-debugsource-4.7.6_10-43.67.1 xen-doc-html-4.7.6_10-43.67.1 xen-libs-32bit-4.7.6_10-43.67.1 xen-libs-4.7.6_10-43.67.1 xen-libs-debuginfo-32bit-4.7.6_10-43.67.1 xen-libs-debuginfo-4.7.6_10-43.67.1 xen-tools-4.7.6_10-43.67.1 xen-tools-debuginfo-4.7.6_10-43.67.1 xen-tools-domU-4.7.6_10-43.67.1 xen-tools-domU-debuginfo-4.7.6_10-43.67.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15567.html https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 https://bugzilla.suse.com/1175534 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-security-updates at lists.suse.com Thu Oct 1 10:17:01 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 1 Oct 2020 18:17:01 +0200 (CEST) Subject: SUSE-SU-2020:2823-1: important: Security update for nodejs10 Message-ID: <20201001161701.D1294FCFD@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2823-1 Rating: important References: #1172686 #1173937 #1176589 Cross-References: CVE-2020-15095 CVE-2020-8252 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2823=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.22.1-1.30.1 nodejs10-debuginfo-10.22.1-1.30.1 nodejs10-debugsource-10.22.1-1.30.1 nodejs10-devel-10.22.1-1.30.1 npm10-10.22.1-1.30.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.22.1-1.30.1 References: https://www.suse.com/security/cve/CVE-2020-15095.html https://www.suse.com/security/cve/CVE-2020-8252.html https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1173937 https://bugzilla.suse.com/1176589 From sle-security-updates at lists.suse.com Fri Oct 2 07:16:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 2 Oct 2020 15:16:38 +0200 (CEST) Subject: SUSE-SU-2020:2830-1: moderate: Security update for permissions Message-ID: <20201002131638.E27FCFCFD@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2830-1 Rating: moderate References: #1161335 #1176625 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2830=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): permissions-20181116-9.38.1 permissions-debuginfo-20181116-9.38.1 permissions-debugsource-20181116-9.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): permissions-zypp-plugin-20181116-9.38.1 References: https://bugzilla.suse.com/1161335 https://bugzilla.suse.com/1176625 From sle-security-updates at lists.suse.com Fri Oct 2 07:18:44 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 2 Oct 2020 15:18:44 +0200 (CEST) Subject: SUSE-SU-2020:2829-1: important: Security update for nodejs10 Message-ID: <20201002131844.69629FCFD@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2829-1 Rating: important References: #1172686 #1173937 #1176589 Cross-References: CVE-2020-15095 CVE-2020-8252 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2829=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2829=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2829=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2829=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2829=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2829=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs10-docs-10.22.1-1.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs10-docs-10.22.1-1.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs10-docs-10.22.1-1.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs10-docs-10.22.1-1.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs10-docs-10.22.1-1.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs10-10.22.1-1.27.1 nodejs10-debuginfo-10.22.1-1.27.1 nodejs10-debugsource-10.22.1-1.27.1 nodejs10-devel-10.22.1-1.27.1 npm10-10.22.1-1.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs10-docs-10.22.1-1.27.1 References: https://www.suse.com/security/cve/CVE-2020-15095.html https://www.suse.com/security/cve/CVE-2020-8252.html https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1173937 https://bugzilla.suse.com/1176589 From sle-security-updates at lists.suse.com Fri Oct 2 07:36:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 2 Oct 2020 15:36:06 +0200 (CEST) Subject: SUSE-SU-2020:2828-1: important: Security update for perl-DBI Message-ID: <20201002133606.0CAE9FD04@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2828-1 Rating: important References: #1176764 Cross-References: CVE-2019-20919 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2828=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): perl-DBI-1.642-3.6.1 perl-DBI-debuginfo-1.642-3.6.1 perl-DBI-debugsource-1.642-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-20919.html https://bugzilla.suse.com/1176764 From sle-security-updates at lists.suse.com Fri Oct 2 07:39:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 2 Oct 2020 15:39:25 +0200 (CEST) Subject: SUSE-SU-2020:2827-1: important: Security update for perl-DBI Message-ID: <20201002133925.524FDFCFD@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2827-1 Rating: important References: #1176764 Cross-References: CVE-2019-20919 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2827=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2827=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2827=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2827=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2827=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): perl-DBI-1.639-3.11.1 perl-DBI-debuginfo-1.639-3.11.1 perl-DBI-debugsource-1.639-3.11.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): perl-DBI-1.639-3.11.1 perl-DBI-debuginfo-1.639-3.11.1 perl-DBI-debugsource-1.639-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): perl-DBI-1.639-3.11.1 perl-DBI-debuginfo-1.639-3.11.1 perl-DBI-debugsource-1.639-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): perl-DBI-1.639-3.11.1 perl-DBI-debuginfo-1.639-3.11.1 perl-DBI-debugsource-1.639-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): perl-DBI-1.639-3.11.1 perl-DBI-debuginfo-1.639-3.11.1 perl-DBI-debugsource-1.639-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-20919.html https://bugzilla.suse.com/1176764 From sle-security-updates at lists.suse.com Fri Oct 2 07:44:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 2 Oct 2020 15:44:57 +0200 (CEST) Subject: SUSE-SU-2020:2832-1: moderate: Security update for SUSE Manager Server 4.1 Message-ID: <20201002134457.5D834FCFD@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2832-1 Rating: moderate References: #1151557 #1165287 #1165829 #1171836 #1172079 #1172263 #1173073 #1173520 #1173603 #1173621 #1174025 #1174254 #1174357 #1174423 #1174636 #1175103 #1175512 #1175529 #1175545 #1175556 #1175889 #1176500 #1176503 #1176844 #1176862 #1176913 Cross-References: CVE-2019-14900 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves one vulnerability and has 25 fixes is now available. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Pin Golang version to 1.14 golang-github-prometheus-node_exporter: - Update to 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749 - Update to 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 - Update to 1.0.0-rc.0 * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync". * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success. - Add missing sysconfig file in rpm bsc#1151557 hibernate5: - Address CVE-2019-14900 (bsc#1172079) - Add patch: hub-xmlrpc-api: - One configuration flag was renamed for clarity - Added USE_SSL flag to https insted of plain http - Updated docs - Bugfixes - Changed configuration to plain variables - Bugfixes patterns-suse-manager: - Change PostgreSQL requirements to require at least PostgreSQL 12 prometheus-exporters-formula: - Bugfix: More robust handling of NoneType arguments (bsc#1176844) - Bugfix: Handle arguments (bsc#1176844) salt-netapi-client: - Fix text resource usage spacecmd: - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) spacewalk-backend: - Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc) - Only regenerate bootstrap repositories when linking new packages (bsc#1174636) - Support installer_updates flag in ISS - Remove duplicate languages and update translation strings spacewalk-branding: - Re-enable language picker for user creation spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Fix the fallback to RES bootstrap repo for Centos (bsc#1174423) spacewalk-client-tools: - Remove duplicated languages and update translation strings spacewalk-java: - Force disable SPA for non-navigation links (bsc#1175512) - Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc) - Pass the log level parameter to matcher - Add language picker to user preferences and user creation - Detect client organization from connected proxy (bsc#1175545) - Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556) - Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529) - Add java.allow_adding_patches_via_api to allow adding errata to vendor channels - Fix alignment on icon on entitlement page - Support installer update channels during autoinstallation - Filter machines not in maintenance mode for remote commands - Reset the server path on minion registration (bsc#1174254) - Data null means the sync never ran yet (bsc#1174357) spacewalk-utils: - Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529) spacewalk-web: - Fix the jQuery selector in SP Migration page (bsc#1176500) - Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503) - Force disable SPA for non-navigation links (bsc#1175512) - Add translation support for react t() function - Fix striping on react tables - Update translation strings subscription-matcher: - Allow matching any guest products for Unlimited Virtualization subscriptions (bsc#1165287) - Only report confirmed matches in the output.json - Expose the log level setting to the command line - In the subscriptions CSV output, print the active subscriptions first susemanager: - Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS bootstrap problems (bsc#1176913) - Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc) - Support installer update channels during autoinstallation susemanager-build-keys: - Trust PackageHub key (bsc#1175103) susemanager-doc-indexes: - Fix contrast problem for visited links (bsc#1176862) - Remove old certs before renaming in Administration Guide (bsc#1171836) - Reference example scripts for SP Mass Migration in Upgrade Guide - Move PoS Terminal Requirements to the Requirements sections in the Retail Guide - Updated SP Mass Migration section in Upgrade Guide for clarity - Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Align SUSE Manager and Uyuni Proxy installation in the Installation Guide - New section Upgrade Uyuni Proxy in Upgrade Guide - New section Upgrade Uyuni Server in Upgrade Guide - Add GPG information about Oracle clients to SUMA (bsc#1173520) - Add hostname admonition to public cloud sections (bsc#1173621) - Add error wording to Taskomatic troubleshooting (bsc#1172263) - Add required URLs to Installation Guide - Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025) - Added more concepts to Client Cfg - Documented maintenance windows feature in Admin Guide - Some reorganization of Client Cfg & Admin Guides - Updates storage device requirements in Install Guide - Adds new section for SUMA formulas in the Salt Guide - Updates storage device requirements in Install Guide - Added reverse proxy information to Monitoring in??Admin Guide - Add note about accessibility to index - Add note about CentOS upstream repository (bsc#1173603) - Add firewall troubleshooting to Admin??Guide - Fix Azure command in Install Guide (thanks Rahul-CTS) - Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88) - Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg - Adds Uyuni Config Modules to the Salt Guide as tech preview susemanager-docs_en: - Fix contrast problem for visited links (bsc#1176862) - Remove old certs before renaming in Administration Guide (bsc#1171836) - Reference example scripts for SP Mass Migration in Upgrade Guide - Move PoS Terminal Requirements to the Requirements sections in the Retail Guide - Updated SP Mass Migration section in Upgrade Guide for clarity - Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide - In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning. - Align SUSE Manager and Uyuni Proxy installation in the Installation Guide - New section Upgrade Uyuni Proxy in Upgrade Guide - New section Upgrade Uyuni Server in Upgrade Guide - Add GPG information about Oracle clients to SUMA (bsc#1173520) - Add hostname admonition to public cloud sections (bsc#1173621) - Add error wording to Taskomatic troubleshooting (bsc#1172263) - Add required URLs to Installation Guide - Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025) - Added more concepts to Client Cfg - Documented maintenance windows feature in Admin Guide - Some reorganization of Client Cfg & Admin Guides - Updates storage device requirements in Install Guide - Adds new section for SUMA formulas in the Salt Guide - Updates storage device requirements in Install Guide - Added reverse proxy information to Monitoring in??Admin Guide - Add note about accessibility to index - Add note about CentOS upstream repository (bsc#1173603) - Add firewall troubleshooting to Admin??Guide - Fix Azure command in Install Guide (thanks Rahul-CTS) - Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88) - Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg - Adds Uyuni Config Modules to the Salt Guide as tech preview susemanager-schema: - Support installer update channels during autoinstallation - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Add uyuni-config-modules subpackage with Salt modules to configure Servers - Fix reporting of missing products in product.all_installed (bsc#1165829) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2832=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.9.4 golang-github-prometheus-node_exporter-1.0.1-3.3.4 hub-xmlrpc-api-0.7-3.3.3 hub-xmlrpc-api-debuginfo-0.7-3.3.3 patterns-suma_retail-4.1-6.6.3 patterns-suma_server-4.1-6.6.3 spacewalk-branding-4.1.10-3.6.3 susemanager-4.1.20-3.8.3 susemanager-tools-4.1.20-3.8.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hibernate5-5.3.7-3.3.4 prometheus-exporters-formula-0.7.3-3.10.1 python3-spacewalk-certs-tools-4.1.13-3.6.3 python3-spacewalk-client-tools-4.1.6-4.3.3 salt-netapi-client-0.17.0-15.4.3 spacecmd-4.1.7-4.6.3 spacewalk-backend-4.1.15-4.8.4 spacewalk-backend-app-4.1.15-4.8.4 spacewalk-backend-applet-4.1.15-4.8.4 spacewalk-backend-config-files-4.1.15-4.8.4 spacewalk-backend-config-files-common-4.1.15-4.8.4 spacewalk-backend-config-files-tool-4.1.15-4.8.4 spacewalk-backend-iss-4.1.15-4.8.4 spacewalk-backend-iss-export-4.1.15-4.8.4 spacewalk-backend-package-push-server-4.1.15-4.8.4 spacewalk-backend-server-4.1.15-4.8.4 spacewalk-backend-sql-4.1.15-4.8.4 spacewalk-backend-sql-postgresql-4.1.15-4.8.4 spacewalk-backend-tools-4.1.15-4.8.4 spacewalk-backend-xml-export-libs-4.1.15-4.8.4 spacewalk-backend-xmlrpc-4.1.15-4.8.4 spacewalk-base-4.1.18-3.6.3 spacewalk-base-minimal-4.1.18-3.6.3 spacewalk-base-minimal-config-4.1.18-3.6.3 spacewalk-certs-tools-4.1.13-3.6.3 spacewalk-client-tools-4.1.6-4.3.3 spacewalk-html-4.1.18-3.6.3 spacewalk-java-4.1.20-3.11.8 spacewalk-java-config-4.1.20-3.11.8 spacewalk-java-lib-4.1.20-3.11.8 spacewalk-java-postgresql-4.1.20-3.11.8 spacewalk-taskomatic-4.1.20-3.11.8 spacewalk-utils-4.1.12-3.6.3 spacewalk-utils-extras-4.1.12-3.6.3 subscription-matcher-0.26-3.3.3 susemanager-build-keys-15.2.1-3.3.2 susemanager-build-keys-web-15.2.1-3.3.2 susemanager-doc-indexes-4.1-11.12.2 susemanager-docs_en-4.1-11.12.2 susemanager-docs_en-pdf-4.1-11.12.2 susemanager-schema-4.1.13-3.6.3 susemanager-sls-4.1.15-3.8.4 susemanager-web-libs-4.1.18-3.6.3 uyuni-config-formula-0.1-6.3.3 uyuni-config-modules-4.1.15-3.8.4 References: https://www.suse.com/security/cve/CVE-2019-14900.html https://bugzilla.suse.com/1151557 https://bugzilla.suse.com/1165287 https://bugzilla.suse.com/1165829 https://bugzilla.suse.com/1171836 https://bugzilla.suse.com/1172079 https://bugzilla.suse.com/1172263 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173520 https://bugzilla.suse.com/1173603 https://bugzilla.suse.com/1173621 https://bugzilla.suse.com/1174025 https://bugzilla.suse.com/1174254 https://bugzilla.suse.com/1174357 https://bugzilla.suse.com/1174423 https://bugzilla.suse.com/1174636 https://bugzilla.suse.com/1175103 https://bugzilla.suse.com/1175512 https://bugzilla.suse.com/1175529 https://bugzilla.suse.com/1175545 https://bugzilla.suse.com/1175556 https://bugzilla.suse.com/1175889 https://bugzilla.suse.com/1176500 https://bugzilla.suse.com/1176503 https://bugzilla.suse.com/1176844 https://bugzilla.suse.com/1176862 https://bugzilla.suse.com/1176913 From sle-security-updates at lists.suse.com Sat Oct 3 01:07:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 3 Oct 2020 09:07:12 +0200 (CEST) Subject: SUSE-CU-2020:504-1: Security update of suse/sle15 Message-ID: <20201003070712.58287FD04@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:504-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.318 Container Release : 6.2.318 Severity : moderate Type : security References : 1161335 1170347 1176625 1176759 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2830-1 Released: Fri Oct 2 10:34:26 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1161335,1176625 This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) From sle-security-updates at lists.suse.com Mon Oct 5 07:15:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 5 Oct 2020 15:15:16 +0200 (CEST) Subject: SUSE-SU-2020:2856-1: important: Security update for perl-DBI Message-ID: <20201005131516.3306FFD04@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2856-1 Rating: important References: #1176496 #1176764 Cross-References: CVE-2013-7490 CVE-2019-20919 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2856=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2856=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2856=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2856=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2856=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2856=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2856=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2856=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2856=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2856=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2856=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2856=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2856=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2856=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2856=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2856=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE OpenStack Cloud 9 (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE OpenStack Cloud 8 (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 - HPE Helion Openstack 8 (x86_64): perl-DBI-1.628-5.6.1 perl-DBI-debuginfo-1.628-5.6.1 perl-DBI-debugsource-1.628-5.6.1 References: https://www.suse.com/security/cve/CVE-2013-7490.html https://www.suse.com/security/cve/CVE-2019-20919.html https://bugzilla.suse.com/1176496 https://bugzilla.suse.com/1176764 From sle-security-updates at lists.suse.com Mon Oct 5 10:16:34 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 5 Oct 2020 18:16:34 +0200 (CEST) Subject: SUSE-SU-2020:14510-1: important: Security update for perl-DBI Message-ID: <20201005161634.746D7FD12@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14510-1 Rating: important References: #1176493 #1176496 #1176764 Cross-References: CVE-2013-7490 CVE-2013-7491 CVE-2019-20919 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). - CVE-2013-7491: Fixed a stack corruption when a user-defined function required a non-trivial amount of memory (bsc#1176493). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-perl-DBI-14510=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-perl-DBI-14510=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-DBI-14510=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-perl-DBI-14510=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): perl-DBI-1.607-3.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): perl-DBI-1.607-3.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): perl-DBI-debuginfo-1.607-3.6.1 perl-DBI-debugsource-1.607-3.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): perl-DBI-debuginfo-1.607-3.6.1 perl-DBI-debugsource-1.607-3.6.1 References: https://www.suse.com/security/cve/CVE-2013-7490.html https://www.suse.com/security/cve/CVE-2013-7491.html https://www.suse.com/security/cve/CVE-2019-20919.html https://bugzilla.suse.com/1176493 https://bugzilla.suse.com/1176496 https://bugzilla.suse.com/1176764 From sle-security-updates at lists.suse.com Mon Oct 5 13:15:15 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 5 Oct 2020 21:15:15 +0200 (CEST) Subject: SUSE-SU-2020:14511-1: important: Security update for openssl1 Message-ID: <20201005191515.5FAEEFD12@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14511-1 Rating: important References: #1176331 Cross-References: CVE-2020-1968 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl1 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14511=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.27.2 libopenssl1_0_0-1.0.1g-0.58.27.2 openssl1-1.0.1g-0.58.27.2 openssl1-doc-1.0.1g-0.58.27.2 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.27.2 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.27.2 References: https://www.suse.com/security/cve/CVE-2020-1968.html https://bugzilla.suse.com/1176331 From sle-security-updates at lists.suse.com Mon Oct 5 13:17:14 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 5 Oct 2020 21:17:14 +0200 (CEST) Subject: SUSE-SU-2020:2861-1: important: Security update for java-1_7_0-openjdk Message-ID: <20201005191714.16470FD12@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2861-1 Rating: important References: #1174157 Cross-References: CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded" - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2861=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2861=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2861=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2861=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2861=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2861=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2861=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2861=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2861=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2861=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2861=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2861=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2861=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2861=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2861=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2861=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 - HPE Helion Openstack 8 (x86_64): java-1_7_0-openjdk-1.7.0.271-43.41.1 java-1_7_0-openjdk-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-debugsource-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-1.7.0.271-43.41.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-1.7.0.271-43.41.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-1.7.0.271-43.41.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.271-43.41.1 References: https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 From sle-security-updates at lists.suse.com Tue Oct 6 01:14:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 09:14:06 +0200 (CEST) Subject: SUSE-CU-2020:507-1: Security update of suse/sles12sp3 Message-ID: <20201006071406.1F5FFFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:507-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.211 , suse/sles12sp3:latest Container Release : 24.211 Severity : moderate Type : security References : 1120629 1120630 1120631 1127155 1131823 1137977 1169488 1173227 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2660-1 Released: Wed Sep 16 16:15:10 2020 Summary: Security update for libsolv Type: security Severity: moderate References: 1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2777-1 Released: Tue Sep 29 11:26:41 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1169488,1173227 This update for systemd fixes the following issues: - Fixes some file mode inconsistencies for some ghost files (bsc#1173227) - Fixes an issue where the system could hang on reboot (bsc#1169488) From sle-security-updates at lists.suse.com Tue Oct 6 01:25:01 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 09:25:01 +0200 (CEST) Subject: SUSE-CU-2020:508-1: Security update of suse/sles12sp4 Message-ID: <20201006072501.25AA3FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:508-1 Container Tags : suse/sles12sp4:26.244 , suse/sles12sp4:latest Container Release : 26.244 Severity : moderate Type : security References : 1120629 1120630 1120631 1127155 1131823 1137977 1169488 1173227 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2660-1 Released: Wed Sep 16 16:15:10 2020 Summary: Security update for libsolv Type: security Severity: moderate References: 1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2777-1 Released: Tue Sep 29 11:26:41 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1169488,1173227 This update for systemd fixes the following issues: - Fixes some file mode inconsistencies for some ghost files (bsc#1173227) - Fixes an issue where the system could hang on reboot (bsc#1169488) From sle-security-updates at lists.suse.com Tue Oct 6 01:30:49 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 09:30:49 +0200 (CEST) Subject: SUSE-CU-2020:509-1: Security update of suse/sles12sp5 Message-ID: <20201006073049.E4681FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:509-1 Container Tags : suse/sles12sp5:6.5.71 , suse/sles12sp5:latest Container Release : 6.5.71 Severity : moderate Type : security References : 1120629 1120630 1120631 1127155 1131823 1137977 1175811 1175830 1175831 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2652-1 Released: Wed Sep 16 14:43:23 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2660-1 Released: Wed Sep 16 16:15:10 2020 Summary: Security update for libsolv Type: security Severity: moderate References: 1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). From sle-security-updates at lists.suse.com Tue Oct 6 01:44:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 09:44:12 +0200 (CEST) Subject: SUSE-CU-2020:510-1: Security update of suse/sle15 Message-ID: <20201006074412.E5DB8FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:510-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.276 Container Release : 4.22.276 Severity : moderate Type : security References : 1161335 1165424 1170347 1173273 1173529 1174240 1174561 1174918 1175342 1175568 1175592 1175811 1175830 1175831 1176625 1176759 CVE-2020-8027 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2814-1 Released: Thu Oct 1 09:55:30 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1161335,1176625 This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2817-1 Released: Thu Oct 1 10:38:37 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) From sle-security-updates at lists.suse.com Tue Oct 6 07:14:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 15:14:31 +0200 (CEST) Subject: SUSE-SU-2020:2864-1: moderate: Security update for gnutls Message-ID: <20201006131431.42199FD12@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2864-1 Rating: moderate References: #1176086 #1176181 #1176671 Cross-References: CVE-2020-24659 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2864=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-14.4.1 gnutls-debuginfo-3.6.7-14.4.1 gnutls-debugsource-3.6.7-14.4.1 libgnutls-devel-3.6.7-14.4.1 libgnutls30-3.6.7-14.4.1 libgnutls30-debuginfo-3.6.7-14.4.1 libgnutls30-hmac-3.6.7-14.4.1 libgnutlsxx-devel-3.6.7-14.4.1 libgnutlsxx28-3.6.7-14.4.1 libgnutlsxx28-debuginfo-3.6.7-14.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libgnutls30-32bit-3.6.7-14.4.1 libgnutls30-32bit-debuginfo-3.6.7-14.4.1 libgnutls30-hmac-32bit-3.6.7-14.4.1 References: https://www.suse.com/security/cve/CVE-2020-24659.html https://bugzilla.suse.com/1176086 https://bugzilla.suse.com/1176181 https://bugzilla.suse.com/1176671 From sle-security-updates at lists.suse.com Tue Oct 6 13:17:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 21:17:50 +0200 (CEST) Subject: SUSE-SU-2020:2872-1: moderate: Security update for hexchat Message-ID: <20201006191751.006B1FD12@maintenance.suse.de> SUSE Security Update: Security update for hexchat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2872-1 Rating: moderate References: #1020739 #1034310 Cross-References: CVE-2016-2087 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for hexchat fixes the following issues: - CVE-2016-2087: A directory traversal was possible if a user could be convinced to connect to a server with a hostname with ".." in its name. (bsc#1020739). This non-security issue was fixed: - Add dependency on iso-codes and hwdata as hexchat tries to use them (bsc#1034310) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2872=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): hexchat-2.12.0-6.5.146 hexchat-debuginfo-2.12.0-6.5.146 hexchat-debugsource-2.12.0-6.5.146 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): hexchat-lang-2.12.0-6.5.146 References: https://www.suse.com/security/cve/CVE-2016-2087.html https://bugzilla.suse.com/1020739 https://bugzilla.suse.com/1034310 From sle-security-updates at lists.suse.com Tue Oct 6 13:18:52 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 6 Oct 2020 21:18:52 +0200 (CEST) Subject: SUSE-SU-2020:2870-1: moderate: Security update for nodejs8 Message-ID: <20201006191852.85AC1FD12@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2870-1 Rating: moderate References: #1172686 #1173937 Cross-References: CVE-2020-15095 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nodejs8 fixes the following issues: - CVE-2020-15095: Fixed information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2870=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.38.1 nodejs8-debuginfo-8.17.0-3.38.1 nodejs8-debugsource-8.17.0-3.38.1 nodejs8-devel-8.17.0-3.38.1 npm8-8.17.0-3.38.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs8-docs-8.17.0-3.38.1 References: https://www.suse.com/security/cve/CVE-2020-15095.html https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1173937 From sle-security-updates at lists.suse.com Wed Oct 7 01:14:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 7 Oct 2020 09:14:57 +0200 (CEST) Subject: SUSE-CU-2020:513-1: Security update of suse/sle15 Message-ID: <20201007071457.6076BFD14@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:513-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.762 Container Release : 8.2.762 Severity : moderate Type : security References : 1176086 1176181 1176671 CVE-2020-24659 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) From sle-security-updates at lists.suse.com Wed Oct 7 10:15:11 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 7 Oct 2020 18:15:11 +0200 (CEST) Subject: SUSE-SU-2020:2876-1: critical: Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon Message-ID: <20201007161511.59B06FD12@maintenance.suse.de> SUSE Security Update: Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2876-1 Rating: critical References: #1117080 #1142617 #1143163 #1172450 #1174583 #1175484 #1175986 SOC-10300 SOC-10522 SOC-11184 SOC-11223 SOC-11364 SOC-5480 SOC-9008 SOC-9779 SOC-9974 SOC-9998 Cross-References: CVE-2018-11779 CVE-2018-17954 CVE-2018-18623 CVE-2018-18624 CVE-2018-18625 CVE-2019-0202 CVE-2020-11110 CVE-2020-17376 CVE-2020-25032 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes 9 vulnerabilities, contains 10 features is now available. Description: This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon fixes the following issues: Security changes on this update: grafana: - CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple XSS vulnerabilities, caused by an incomplete fix for CVE-2018-12099 (bsc#1172450). - CVE-2020-11110: Fixed a stored XSS in dashboard snapshots (bsc#1174583). openstack-nova: - CVE-2020-17376: Fixed an information leak during live migration (bsc#1175484). python-Flask-Cors: - CVE-2020-25032: Fixed a potential information leak through path traversal (bsc#1175986). rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where provision leaks admin password to all nodes in cleartext (bsc#1117080) Non security changes on this update: Changes in ardana-ansible: - Ensure that installing SOC 9 triggers removal of any existing ardana-freezer package, which is not available for SOC 9 (SOC-9779) - Update to version 9.0+git.1596813072.110811d: * Update the Swift XFS inode size check (SOC-10300) - Update to version 9.0+git.1596487185.d56da1b: * Remove lingering Cloud9 development hack (SOC-5480) - Update to version 9.0+git.1596479802.67906d5: * Enable SLE12 SP3 LTSS for SMT deployments (SOC-11223) - Update to version 9.0+git.1596209332.4ce15a6: * Fix upgrade validations Keystone V3 check target (SOC-10300) Changes in ardana-cinder: - Update to version 9.0+git.1596129576.0b3d3ce: * Install python-swiftclient as cinder-backup dependency (SOC-11364) Changes in ardana-cobbler: - Update to version 9.0+git.1588258487.3acf8ad: * Rip out unsupported distributions (SOC-9008) Changes in ardana-installer-ui: - Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184) Changes in ardana-opsconsole-ui: - Add BuildRequires for ardana-devel so that the ardana_description macro is defined. - Ensure SOC 9 package obsoletes HOS 8 equivalent package (SOC-11184) Changes in ardana-osconfig: - Update to version 9.0+git.1597427032.a062830: * Check for HOS 8 release package being installed (SOC-11184) Changes in crowbar-core: - Update to version 6.0+git.1598519900.770074aa7: * upgrade: Allow transition from crowbar_upgrade to rebsct (trivial) Changes in grafana: - BuildRequire go1.14 explicitly - Add recompress source service - Add go_modules source service to create vendor.tar.gz containing 3rd party go modules. - Adjust spec to work for Grafana-6.7.4 - Adjust Makefile to work for Grafana-6.7.4 - Remove CVE-2019-15043.patch (merged upstream) - Remove CVE-2020-13379.patch (merged upstream) - Remove 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch (merged upstream) - Update to version 6.7.4 (bsc#1172450, CVE-2018-18623, CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110) * Only allow 32 hexadecimal digits for the avatar hash * 6.7.3 cherry-picks (#23808) * Fix CI for pushing a multi-architecture manifest (#23327) * AzureMonitor: Fix Log Analytics and Application Insights for Azure China (#21803) (#22753) * Revert "grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754)" * Bumped version * Snapshots: Sanitize orignal url (#23254) * Plugins: Expose promiseToDigest (#23249) * Variables: Do not update variable from url when value is the same (#23220) * DashboardSave: Add new dashboard check (#23104) * Fix: reverted back to `import * as module` instead of using namespaces (#23069) * BackendSrv: Adds config to response to fix external plugins that use this (#23032) * DataLinks: make sure we use the correct datapoint when dataset contains null value. (#22981) * Fix mysterious Babel plugin errors (#22974) * Select: Fixed select text positition (#22952) * grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754) * Docs: Fix Broken Link (#22894) * Panels: Fixed size issue with panels when existing panel edit mode (#22912) * Azure: Fixed dropdowns not showing current value (#22914) * BackendSrv: only add content-type on POST, PUT requests (#22910) * Check if the datasource is of type loki using meta.id instead of name. (#22877) * CircleCI: Pin grabpl to 0.1.0 (#22904) * Design tweaks (#22886) * Rich history UX fixes (#22783) * AzureMonitor: support workspaces function for template variables (#22882) * SQLStore: Add migration for adding index on annotation.alert_id (#22876) * Plugins: Return jsondetails as an json object instead of raw json on datasource healthchecks. (#22859) * Backend plugins: Exclude plugin metrics in Grafana's metrics endpoint (#22857) * Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node (#22856) * Stackdriver: Fix GCE auth bug when creating new data source (#22836) * @grafana/runtime: Add cancellation of queries to DataSourceWithBackend (#22818) * Rich history: Test coverage (#22852) * Datasource config was not mapped for datasource healthcheck (#22848) * upgrades plugin sdk to 0.30.0 (#22846) * Rich History: UX adjustments and fixes (#22729) * TablePanel: Enable new units picker (#22833) * Fix dashboard picker's props (#22815) * Grafana-UI: Add invalid state to Forms.Textarea (#22775) * SaveDashboard: Updated modal design/layout a bit (#22810) * Forms: Fix input suffix position (#22780) * AngularPanels: Fixed inner height calculation (#22796) * Fix: fixes issue with headers property with different casing (#22778) * DataSourceWithBackend: use /health endpoint for test (#22789) * Chore: remove expressions flag and allow (#22764) * Core: Pass the rest of to props to Select (#22776) * Add support for sending health check to datasource plugins. (#22771) * Datasource: making sure we are having the same data field order when using mixed data sources. (#22718) * DashboardSave: Autofocus save dashboard form input (#22748) * @grafana/e2e: cherry picked 4fecf5a7a65f5b7b4c03fefb9a3da15cee938f02 (#22739) * CircleCI: Implement new release pipeline (#22625) * Toolkit: use fs-extra instead of fs (#22723) * What's new docs for 6.7 release (#22721) * Backend Plugins: use sdk v0.26.0 (#22725) * PanelInspector: Add Stats Tab (#22683) * Revert "Graph: Improve point rendering performance (#22610)" (#22716) * Docs: add rendering configuration in reporting (#22715) * reverting the changes that failed the e2e tests. (#22714) * Remove multiple occurrences of "before" (#22710) * Datasources: Update dashboards (#22476) * API: Fix redirect issues (#22285) * Explore: adds QueryRowErrors component, moves error display to QueryRow (#22438) * RichHistory: Design Tweaks (#22703) * Modals: Unify angular/react modals backdrop color (#22708) * Graphite: Don't issue empty "select metric" queries (#22699) * support duplicate field names in arrow format (#22705) * UX: Update new form styles to dark inputs (#22701) * Docs: Grammar corrections * Docs: Overcoming Grammatical errors (#22707) * Pass dashboard via angular directive (#22696) * Docs: Replace "API" by "Integration" key for PagerDuty (#22639) * Docs: Edited Enterprise docs (#22602) * CloudWatch: Expand alias variables when query yields no result (#22695) * Dependency: sdk's dataframe package renamed to data (#22700) * @grafana/e2e: include Cypress tsconfig in published package (#22698) * Graphite: Update config editor (#22553) * @grafana/e2e: fix runtime ts-loader errors with Cypress support files (#22688) * Docs: Add version note about Azure AD OAuth2 (#22692) * StatPanel: Return base color when there is no value set (#22690) * Send jsondata for Datasources on DatasourceConfig for backend plugins (#22681) * Explore: Rich History (#22570) * XSS: Fixed history XSS issue (#22680) * Fix caching problem (#22473) * on update for checkbox and switch (#22656) * Notification Channel: Make test button wider (#22653) * Backend plugins: Updates due to changes in SDK (#22649) * Make sure commit hook in FieldPropertiesEditor is invalidated when value changes (#22673) * Docs: Plugin.json: Fix property descriptions, add missing properties, add example (#22281) * Alerting: Fixed bad background color for default notifications in alert tab (#22660) * Webpack: Updated terser plugin (#22669) * Core: DashboardPicker improvements (#22619) * Storybsck: Forms.Form docs (#22654) * Templating: Migrates some variable types from Angular to React/Redux (#22434) * Grafana UI: Fix Forms.Select onChangeWithEmpty (#22647) * Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo (#21879) * @grafana/e2e: install necessary dependencies for published package (#22657) * DashboardSave: Correctly overwrite dashboard when saving (#22650) * StatPanel: Fixes base color is being used for null values (#22646) * FieldOverrides: Add value mappings editor to standard config properties registry (#22648) * Docs: Update gauge.md (#22637) * Docs: Create Intro grafana (#22522) * Toolkit: wrap plugin signing stub with error checking (#22626) * @grafana/e2e: fix empty bundle files (#22607) * Toolkit: include a github release utility (#22520) * Rendering: Have phantomjs wait a bit before rendering to give fonts a change to load (#22623) * Cascader: Do not override default width behavior (#22620) * Update documentation-style-guide.md (#22581) * Adds signed in user to backend v2 plugins requests (#22584) * CloudWatch: updated namespaces - Athena, DocDB, and Route53Resolver (#22604) * Graph: Improve point rendering performance (#22610) * Alerting: Fix state age test failures (#22606) * Docs: Update image_rendering.md (#22586) * UI: Segment improvements (#22601) * remove section about alias imports (#22585) * Backend Plugins: Support handling of streaming resource response (#22580) * Stackdriver: Migrate GCE default project (#22593) * Toolkit: plugin ci needs to cooperate better with make/mage (#22588) * surround CloudWatch dimension names with double quotes (#22222) * Fix: when reloading page make sure that time picker history is converted to dateTime. * Core: add active users stat (#22563) * Chore: Modules tidy and vendor (#22578) * Loki: use series API for stream facetting (#21332) * Testing code owners for backend code (#22572) * Azure Monitor: config editor updates, update sameas switch, fix test snaps (#22554) * Grafana-UI: Use value for Radio group id (#22568) * Chore: fix moment import in alerting tests (#22567) * avoid aliased import in cli (#22566) * Chore: Avoid aliasing importing models in api package (#22492) * ShareModal: able to extend tabs (#22537) * Tests: fix alerting reducers tests (#22560) * Logs: Improve log level guess (#22094) * DataSourceWithBackend: apply template variables (#22558) * @grafana/e2e: added support for plugin repositories (#22546) * Add fallback to search_base_dns if group_search_base_dns is undefined. (#21263) * Docs: Added a Markdown Style Guide (#22425) * Old AsyncSelect: Add story (#22536) * Chore: add missing aria-label for rendered panel image (e2e tests) (#22543) * Form migrations: Dashboard- and TimeZonePicker (#22459) * Migration: Share dashboard/panel modal (#22436) * Revert "Select: scroll into view when navigate with up/down arrows (#22503)" (#22535) * Backend plugins: Prepare and clean request headers before resource calls (#22321) * Cascader: Add size for input (#22517) * ArrowDataFrame: allow empty results (#22524) * Migration: Save dashboard modals (#22395) * Toolkit: don't clean dist folder before build (#22521) * Docs: Add Storybsck guidelines (#22465) * Docs: Removed menu links to SDK Reference until we are ready for 7.0 (#22509) * Stackdriver: Project selector (#22447) * Select: scroll into view when navigate with up/down arrows (#22503) * Elastic: To get fields, start with today's index and go backwards (#22318) * API: Include IP address when logging request error (#21596) * chore: avoid aliasing imports in services (#22499) * Grafana-UI: add storysource addon to Storybsck (#22490) * canary 404 previous versions (#22495) * Fix Dockerfile lint errors (#22496) * Migration: Invite Signup (#22437) * Core: add hideFromMenu for child items (#22494) * Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) * CI: Deploy enterprise image (#22488) * changelog: adds note about breaking change (#22480) * chore: avoid alias for models in plugins (#22483) * chore: avoid aliasing models in middleware (#22484) * Grafana UI: Add missing argument (#22487) * NewPanelEditor: Angular panel options, and angular component state to redux major change (#22448) * @grafana/ui: Create slider component (#22275) * Icons: add reports icon (#22445) * Panel inspect: Horizontal scrolling in Data table (#22245) * Alerting: Fixed the issue/bug of diff and percent_diff functions *Breaking change* (#21338) * App Plugins: support react pages in nav (#22428) * Optimized package.json files (#22475) * Toolkit: add junit reporting and jest.config.js to plugin build (#22450) * Grafana UI: Add forwardRef (#22466) * Docs: Update Getting started (#22422) * pkg/api/pluginproxy: Access token provider should handle access tokens without ExpiresOn field (#19928) * Documentation: Specify usage of datasource whitelist (#22412) * Form: Allow default values updates (#22435) * NewPanelEditor: Wait a bit before resending query result on panel editor exit (#22421) * Grafana-UI: update date picker (#22414) * grafana-cli: Upgrade to urfave/cli v2 (#22402) * Docs: adding first version of the auto-generated packages API docs. (#22107) * NewPanelEditor: Panel edit tweaks (#22415) * Core: Make application title customizable for WL (#22401) * Fix: making select to return empty list when no values are selected in multivalue mode. * Fix: Added missing "remove"-icon for light theme. * Docs: adding API reference documentation support for the packages libraries. (#21931) * Accessibility: Makes tag colors more accessible (#22398) * Admin: fix images on license page (#22413) * DataSourceWithBackend: Add a get/post resource standard path (#22408) * Docs: Fix examples, grammar, add links (#22406) * Docs: Add links, fix grammar, formatting, wording (#22381) * Changelog: adds missing enterprise features (#22399) * Docs: Add info on active LDAP sync (#22347) * Docs: Fixed formatting issue in new stat docs (#22390) * @grafana/toolkit: completed support for source maps in plugin builds (#22379) * UX: BackButton left arrow icon (#22369) * Scrollbar: Show scrollbar on only on hover (#22386) * NewPanelEditor: Fixed cleanup that could cause crash (#22384) * Theme: Fixed bug in sass file (#22382) * Alerting: Don't include image_url field with Slack message if empty (#22372) * Docs: New doc pages for panels Stat, Gauge & Bar Gauge (#22335) * Docs: Update front-end style guide (#22197) * Chore: Update latest.json (#22345) * CircleCI: Fix publishing of releases (#22342) * Changelog: v6.6.2 (#22341) * CircleCI: Switch to new master build pipeline (#22158) * Docs: Update white-labeling.md (#22224) * Webpack: Upgrade terser webpack plugin (#22332) * grafana/ui: Export TextArea under Forms namespace (#22328) * Suggesting couple of changes to the document (#22298) * Correcting Line 22 (#22292) * Docs: Fix "enable" steps formatting (#22324) * [Docs] Improvised instructions for adding data source. (#22305) * DashLinks: Add pull right to dropdown menu (#22233) * Migration: User invite (#22263) * Select: Fix focus issue and remove select container (#22309) * Annotations: Call panel refresh when table transform changes to annotations (#22323) * Docs: Couple of changes to the document (#22291) * Docs: Typo correction in Line 19 (#22297) * Rendering: Store render key in remote cache (#22031) * Backend Plugins: Provide proper plugin config to plugins (#21985) * New panel edit: data links tweaks (#22304) * Metrics: Add gauge for requests currently in flight (#22168) * OAuth: Enforce auto_assign_org_id setting when role mapping enabled using Generic OAuth (#22268) * CircleCI: Upgrade Ubuntu base image to 19.10 also for enterprise (#22315) * CI: check ubuntu and alpine images with trivy (#22314) * Docker: Upgrade Ubuntu to 19.10 (#22306) * grafana/data: runtime dependencies moved from devDependencies (#22283) * PanelInspector: Fixed issue in panel inspector (#22302) * grafana/ui: Add basic horizontal and vertical layout components (#22303) * Field Config Editors: Remove namespacing from standard field config editors (#22296) * CircleCI: Increase nodejs max memory (#22295) * Update rpm.md (#22284) * FieldConfigs: String select type & cell display mode added to table panel (#22274) * LinkSrv: Add newlines so I can read code * Docs: Fix TestData docs (#22279) * API: Improve recovery middleware when response already been written (#22256) * Update mac.md (#22280) * @grafana/toolkit: lint fix option now writes changes to disk (#22278) * Docs: minor fixes (#22223) * Reorder cipher suites for better security (#22101) * Docs: Minor typo fix (#22221) * NewPanelEdit: Add back datalinks and new table panel fix (#22267) * Prometheus: Implement region annotation (#22225) * Table: Fixed header alignment (#22236) * Data proxy: Log proxy errors using Grafana logger (#22174) * TimePicker: fixing weird behavior with calendar when switching between months/years (#22253) * Update timeseries.md (#20795) * Auth: Don't rotate auth token when requests are cancelled by client (#22106) * Elastic: Map level field based on config. (#22182) * Sqlstore: guard against getting a dashboard without specifying identi??? (#22246) * Migrations: Signup page (#21514) * Storybsck: Add color theme and theme switcher (#22005) * NewPanelEditor: Making angular panels reuse data and render on edit mode enter (#22229) * PanelEdit: Title tweaks (#22237) * NewPanelEdit: Minor changes (#22239) * Chore: Fixed strict null errors (#22238) * NewPanelEditor: Thresholds v2 (#22232) * Toolkit: support sass style for plugins (#22235) * add CloudWatch Usage Metrics (#22179) * FieldOverrides: Fix issue with same series name for every display value (#22234) * Inspector: find the datasource from the refId, not the metadata (#22231) * New panel editor: Persist panel editor ui state (#22210) * Toolkit: don't create declaration files for plugins (by default) (#22228) * Docs: Update windows.md (#22185) * Docs: Add linking topic (#21986) * Docs: Refactored Enterprise side menu (#22189) * CircleCI: Push master Docker images without revision in tag (#22218) * Alerting: Update the types of recipient supported by the Slack notifier (#22205) * docs: change URL occurences to uppercase (#22151) * Docs: Fix link for provisioning data sources (#22159) * DevEnv: update frontend dependencies - tests (#22140) * DevEnv: update frontend dependencies - type definitions (#22141) * Make Explore panel link work when grafana served from sub url (#22202) * DevEnv: update frontend dependencies - node (#22139) * API: Fix redirect issue when configured to use a subpath (#21652) * Inspect: Inspect header design update (#22120) * FieldOverrides: FieldOverrides UI (#22187) * Azure OAuth: enable teamsync (#22160) * Docs: Organize basic concepts and getting started (#21859) * FieldOverides: apply field overrides based on configuration (#22047) * Docs: Suggesting few changes to the doc (#22115) * Docs: Update phrasing line 35 (#22152) * Docs: Correcting Typo in Line131 (#22155) * Dashboard: fixed padding inconsistency * BackendSrv: Fixes a stupid mistake with a missing return (#22177) * PanelEdit: Fixed timing and state related issues (#22131) * Elastic: Replace range as number not string (#22173) * change sync target branch to master (#21930) * e2e: Fixed issue with aria label (#22166) * Fix: Do not remove whitespace in PanelLink url (#22087) * React Migration: Migrates FolderPicker from angular to react (#21088) * Auth: Azure AD OAuth (#20030) * DevEnv: update frontend dependencies - grunt (#22136) * Bugfix: updates cloudwatch query editor test async render to prevent it from throwing error (#22150) * NewPanelEdit: Design tweaks (#22156) * TestData: Update streaming.json (#22132) * DevEnv: update frontend dependencies - babel (#22135) * Docs: Fix port config list formatting (#22113) * Explore: Refactor active buttons css (#22124) * Forms/Switch: Simplifies and adjusts CSS/Markup (#22129) * Datasource/Loki: Fixes issue where live tailing displayed date as invalid (#22128) * NewPanelEditor: Fixed issue going back to dashboard after pull page reload (#22121) * Loki, Prometheus: Fix PromQL and LogQL syntax highlighting (#21944) * NewPanelEdit: Added visualization tab / selection view (#22117) * Increase ts fork check mem limit (#22118) * NewPanelEditor: Panel editor tabs in state (url) (#22102) * Delete report.20200209.125304.14262.0.001.json * Annotation & Alerts: Makes various annotation and alert requests cancelable (#22055) * Select zindex (#22109) * Docs: Add doc templates (#21927) * Fix mentioning Slack users/groups (#21734) * Docs: Update rules.md (#21989) * Docs: Update metrics.md (#21988) * Docs: Update dashboard.md (#21951) * Docs: Added release notes tag (#22012) * Forms/RadioButtonGroup: Improves semantics and simplifies CSS (#22093) * Docs: add LDAP active sync limitation for single bind configuration (#22098) * Docs: Update behind_proxy.md to include HTTPS and URL rewrite example (#21832) * DataLinks: Avoid null exception in new edit mode (#22100) * Docs: Image rendering improvements (#22084) * Fix display of multiline logs in log panel and explore (#22057) * Fix/add width to toggle button group (#21924) * NewPanelEditor: Introduce redux state and reducer (#22070) * Prometheus: make $__range more precise (#21722) * New panel edit: data links edit (#22077) * Docs: fix minor typos in datasources.md (#22092) * Toolkit: add a warning about tslint migration (#22089) * Read `target` prop from the links in the footer (#22074) * CircleCI: Publish enterprise Docker dev image for new master pipeline (#22091) * CircleCI: Include build ID in version for new master pipeline (#22013) * Alerting: Handle NaN in reducers (#22053) * Toolkit: create manifest files for plugins (#22056) * Backend Plugins: make transform work again (#22078) * Docs: Fix broken link (#22010) * Docs: Fix formatting typo (#22067) * CircleCI: Publish enterprise ARM variants from master pipeline (#22011) * Chore: Adds cancellation to backendSrv request function (#22066) * Dashboard: Move some plugin & panel state to redux (#22052) * Docs: Clarify that extraction of zip is required to install plugin (#22061) * Chore: Fixes non utc tests (#22063) * Grafana ui/time of day picker ui improvements (#21950) * Links: Assure base url when single stat, panel and data links are built (#21956) * BackendSrv: Returns correct error when a request is cancelled (#21992) * Make zoom and time shift work after emmitter change (#22051) * New Editor: refresh when time values change (#22049) * New Editor: Add ValuePicker for overrides selection (#22048) * Collapse: add a controlled collapse (#22046) * Cascader: Fix issue where the dropdown wouldn't show (#22045) * New Editor: add display modes to fix ratio with actual display (#22032) * Chore: Use forwardRef in ButtonSelect (#22042) * DashNavTimeControls: remove $injector and rootScope from time picker (#22041) * New panel edit: field overrides ui (#22036) * Select: Portaling for Select (#22040) * New Select: Fix the overflow issue and menu positioning (#22039) * Upgrade: React layout grid upgrade (#22038) * PanelChrome: Use react Panel Header for angular panels. (#21265) * New Editor: add a tabs row for the query section (#22037) * New Editor: use unit picker (#22033) * Dashboard: Refactor dashboard reducer & actions (#22021) * New panel editor: Add title editor (#22030) * UnitPicker: Use the new Cascader implementation (#22029) * FieldEditor: extendable FieldConfig UI (#21882) * Cascader: Add enable custom value (#21812) * New panel edit: support scrolling (#22026) * Thresholds: get theme from context automatically (#22025) * New Panel Edit: works for panels with and without queries (#22024) * PanelEditor: use splitpane for new editor (#22022) * Select: Fixed allow custom value in Select/UnitPicker/Segment/AsyncSegment (#22018) * Chore: export arrow dataframe utilities (#22016) * TSLint ??? ESLint (#21006) * Docker: Publish enterprise image with master-commit tag (#22008) * Chore: Resolve random failure with golangci-lint (#21970) * New panel edit: don't query when entering edit mode (#21921) * Fix bad grammar in Dashboard Link page (#21984) * Update documentation-style-guide.md (#21736) * Prometheus: Allow sub-second step in the prometheus datasource (#21861) * Update latest.json versions to 6.6.1 (#21972) * Change log for 6.6.1 (#21969) * Datasource: updates PromExploreQueryEditor to prevent it from throwing error on edit (#21605) * Explore: Adds Loki explore query editor (#21497) * @grafana/ui: Fix displaying of bars in React Graph (#21968) * Prometheus: Do not show rate hint when increase function is applied (#21955) * Elastic: Limit the number of datapoints for the counts query (#21937) * Storybsck: Update categories (#21898) * Quota: Makes sure we provide the request context to the quota service (#21949) * Docs: Documentation for 6.6 Explore and Logs panel features (#21754) * Annotations: Change indices and rewrites annotation find query to improve database query performance (#21915) * Prometheus: Fixes default step value for annotation query (#21934) * Dashboard edit: Fix 404 when making dashboard editable * Publish from new master pipeline (#21813) * Metrics: Adds back missing summary quantiles (#21858) * delete redundant alias (#21907) * grafana/ui: Fix displaying of bars in React Graph (#21922) * Docs: Added developer-resources.md (#21806) * Fix formatting (#21894) * New Select: Blur input on select (#21876) * Fix/add default props to prom query editor (#21908) * Graph Panel: Fixed typo in thresholds form (#21903) * Disable logging in button (#21900) * DatasourceEditor: Add UI to edit custom HTTP headers (#17846) * Datasource: Show access (Browser/Server) select on the Prometheus datasource (#21833) * Docs: Update dashboard.md (#21896) * Docs: Update dashboard.md (#21200) * Docs: Make upgrading instructions for Docker work (#21836) * deps so can mock in tests (#21827) * Templating: Add new global built-in variables (#21790) * Fix: Reimplement HideFromTabs in Tabs component (#21863) * grafana/data: Remove unused PanelSize interface (#21877) * New Select: Extend creatable select api (#21869) * Backend plugins: Implement support for resources (#21805) * Docker: change plugin path in custom docker (#21837) * Image Rendering: Fix render of graph panel legend aligned to the right using Grafana image renderer plugin/service (#21854) * Docs: Update _index.md (#21700) * grafana/toolkit: Fix failing linter when there were lint issues (#21849) * DatasourceSettings: Fixed issue navigating away from data source settings page (#21841) * AppPageCtrl: Fix digest issue with app page initialisation (#21847) * Explore: adds basic tests to TableContainer checking the render and output on 0 series returned * Explore: adds MetaInfoText tests * Explore: adds export of MetaItem and its props * Explore: updates TableContainer to use MetaInfoText component * Explore: updates Logs component to use MetaInfoText component * Explore: adds MetaInfoText component * Explore: removes unnecessary styles for panel logs * Explore: updates Table container render to avoid rendering table on empty result * Explore: updates explore table container to show a span on 0 series returned * docs/cli: Fix documentation of reset-admin-password with --homepath (#21840) * Replace ts-loader with Babel (#21587) * Docs: Add information about license expiration (#21578) * Fix digest issue with query part editor's actions menu (#21834) * Graphite: Fixed issue with functions with multiple required params and no defaults caused params that could not be edited (groupByNodes groupByTags) (#21814) * TimePicker: Should display in kiosk mode (#21816) * Chore: Upgrade Storybsck to 5.3.9 (#21550) * Table: Make the height of the table include header cells (#21824) * StatPanels: Fixed migration from old singlestat and default min & max being copied even when gauge was disbled (#21820) * Docs: Update docker image run and configuration instructions (#21705) * DataFrame: update golden test files (#21808) * Docs: Alphabetize datasource names in sidebar under docs/Features/DataSources (#21740) * Inspect: Add error tab (#21565) * Select: Fix direct usages of react-select to make the scroll great again (#21822) * TablePanel: display multi-line text (#20210) * Fixed strict errors (#21823) * Fix: prevents the BarGauge from exploding when the datasource returns empty result. (#21791) * Select: Fix scroll issue (#21795) * Fix: Fixes user logout for datasourceRequests with 401 from datasource (#21800) * Azure Monitor: Fix Application Insights API key field to allow input (#21738) * Influxdb: Fix cascader when doing log query in explore (#21787) * Devenv: OpenTSDB dashboard (#21797) * MSI: License for Enterprise (#21794) * OpenTSDB: Add back missing ngInject (#21796) * Heatmap: Legend color range is incorrect when using custom min/max (#21748) * Config: add meta feature toggle (#21786) * Logs panel: Rename labels to unique labels (#21783) * Add link guide for installing new renderer (#21702) * Chore: Lowers strict error limit (#21781) * Chore: Removes Cypress record (#21782) * Docs: Document configuration of console, file and syslog log formats (#21768) * Annotations: Fixes this.templateSrv.replace is not a function error for Grafana datasource (#21778) * Fix typos in the communication documentation (#21774) * Chore: Fixes various strict null errors (#21763) * Forms: Allow custom value creation in async select (#21759) * Chore: bump react-select to 3.0.8 (#21638) * grafana/data: Add type for secure json in DataSourceAPI (#21772) * Influxdb: Fix issues with request creation and parsing (#21743) * Explore/Loki: Fix handling of legacy log row context request (#21767) * 6.6.0 latest (#21762) * Docs: Updates Changelog for 6.6.0 (#21753) * Docs: Update image rendering (#21650) * Docs: misc. nitpicks to the HTTP API docs (#21758) * Dashboard: fixes issue with UI not being re-rendered after moving dashboard * Dashboard: fixed issues with re-rendering of UI when importing dashboard (#21723) * Build: Added devenv docker block for testing grafana with traefik. * Update What's new in 6.6 (#21745) * Footer: Display Grafana edition (#21717) * BackendSrv: Fixes POST body for form data (#21714) * Docs: Update CloudWatch and Stackdriver docs for 6.6 (#21679) * BackendSrv: Adds missing props back to response object in datasourceRequest (#21727) * Explore: Fix context view in logs, where some rows may have been filtered out. (#21729) * Toolkit: add canvas-mock to test setup (#21739) * TablePabel: Sanitize column link (#21735) * Docs: Fix getting started links on Windows installation page (#21724) * Docs: Enterprise 6.6 (#21666) * Template vars: Add error message for failed query var (#21731) * Loki: Refactor editor and syntax hooks (#21687) * Devenv: Fixed devenv dashboard template var datasource (#21715) * Footer: added back missing footer to login page (#21720) * Admin: Viewer should not see link to teams in side menu (#21716) * Annotations: Fix issue with annotation queries editors (#21712) * grafana/ui: Remove path import from grafana-data (#21707) * Loki: Fix Loki with repeated panels and interpolation for Explore (#21685) * CircleCI: Add workflow for building with Grafana Build Pipeline (#21449) * StatPanels: Fixed possible migration issue (#21681) * Make importDataSourcePlugin cancelable (#21430) * Docs: Update what's new in 6.6 (#21699) * Docs: Fix broken link in upgrade notes (#21698) * Alerting: Support passing tags to Pagerduty and allow notification on specific event categories (#21335) * PhantomJS: Fix rendering of panels using Prometheus datasource * backendSrv: Only stringifies request body if payload isn't already a string (#21639) * Update changelog generation to ignore not merged pull requests (#21641) * StatPanel: minor height tweak (#21663) * Circle: Introduce es-check to branches & pr workflow (#21677) * Run query when region, namespace and metric changes (#21633) * Explore: Fixes some LogDetailsRow markup (#21671) * SQLStore: Fix PostgreSQL failure to create organisation for first time (#21648) * Migrations: migrate admin user create page (#21506) * Docs: Whats new updates (#21664) * CloudWatch: Auto period snap to next higher period (#21659) * Login: Better auto sizing of login logo (#21645) * Chore: Fixes PhantomJs by adding polyfills for fetch and AbortController (#21655) * Alert: Minor tweak to work with license warnings (#21654) * Toolkit: copyIfNonExistent order swapped (#21653) * Doc: Update configuration.md (#21602) * Explore: Fix log level color and add tests (#21646) * Templating: A way to support object syntax for global vars (#21634) * CloudWatch: Add DynamoDB Accelerator (DAX) metrics & dimensions (#21644) * next version 6.7.0 (#21617) * latest.jso: Update latest beta 6.6.0-beta1 (#21623) * Docs: Update changelog with attribution (#21637) * Docs: Updated what's new article (#21624) * Plugins: Apply adhoc filter in Elasticsearch logs query (#21346) * Changelog: v6.6.0-beta1 (#21619) * Chore: Remove angular dependency from backendSrv (#20999) * Emotion: Add main package with version 10 (#21560) * TestData: allow negative values for random_walk parameters (#21627) * Update musl checksums (#21621) * CloudWatch: Expand dimension value in alias correctly (#21626) * Devenv: InfluxDB logs dashboard (#21620) * Build: adds missing filters required to build oss msi (#21618) * BigValue: Updated test dashboard and made some chart sizing tweaks (#21616) * TestData: Adds important new features to the random walk scenario (#21613) * graphite: does not modify last segment when... (#21588) * grafana/ui: Add synced timepickers styling to TimePicker (#21598) * Explore: Remove destructuring of empty state in LogRowMessage (#21579) * Build: enables deployment of enterprise msi (#21607) * CI: MSI for Enterprise (#21569) * E2E docs: Add guide to debuging PhantomJS (#21606) * Toolkit: fix prettier error reporting (#21599) * Render: Use https as protocol when rendering if HTTP2 enabled (#21600) * Typescript: null check fixes, and news panel fix (#21595) * Inspect: table take full height in drawer (#21580) * OAuth: Fix role mapping from id token (#20300) * ButtonCascader: Fix error in Explore (#21585) * CloudWatch: Fix ordering of map to resolve flaky test take 2 (#21577) * Redux: Fixed function adding a new reducer (#21575) * Minor style changes on upgrade page (#21566) * Revert "Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554)" (#21570) * Explore: Context tooltip to copy labels and values from graph (#21405) * Config: Use license info instead of build info for feature toggling (#21558) * Fix merge problem (#21574) * CloudWatch: Fix ordering of map to resolve flaky test (#21572) * Docs: What's new in Grafana v6.6 Draft (#21562) * Explore: Create unique ids and deduplicate Loki logs (#21493) * Chore: Fix go vet problem (#21568) * Provisioning: Start provision dashboards after Grafana server have started (#21564) * CloudWatch: Calculate period based on time range (#21471) * Inspect: Download DataFrame to Csv (#21549) * CloudWatch: Multi-valued template variable dimension alias fix (#21541) * Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554) * Stackdriver: Support meta labels (#21373) * CI: Revert msi build (#21561) * Alerting: Fix image rendering and uploading timeout preventing to send alert notifications (#21536) * CI: adds missing files for ee msi (#21559) * CI: Enterprise MSI (#21518) * Add component: Cascader (#21410) * CloudWatch: Display partial result in graph when max DP/call limit is reached (#21533) * Dashboards: Default Home Dashboard Update (#21534) * Docs: Update rpm.md (#21547) * Docs: Update mac.md (#20782) * Templating: update variables on location changed (#21480) * Vendor: grafana-plugin-sdk-go v0.11.0 (#21552) * fix dateMath import in grafana-ui (#21546) * Explore/Loki: Filter expression only treated as regex when regex operator is used (#21538) * Fix TypeScript error (#21545) * Build: Ignore content of /pkg/extensions, not directory (#21540) * Update latest to 6.5.3 (#21509) * Explore: Ensures queries aren't updated when returning to dashboard if browser back is used (#20897) * Inspect: Use AutoSizer for managing width for content in tabs. (#21511) * Changelog generation: Generate grafana/ui changelog (#21531) * Toolkit: support less loader (#21527) * AppPlugin: remove simple app from the core repo (#21526) * @grafana/toolkit: cleanup (#21441) * DataFrames: add arrow test and capture metadata parsing errors (#21524) * DataLinks: allow using values from other fields in the same row (#21478) * grafana/data: Update plugin config page typings (BREAKING) (#21503) * Fix regex in convertCSSToStyle, add test coverage (#21508) * CloudWatch: Annotation Editor rewrite (#20765) * Admin: Add promotional page for Grafana Enterprise (#21422) * Add changelog for 6.5.3 * Backend Plugins: Collect and expose metrics and plugin process health check (#21481) * Auth: Rotate auth tokens at the end of requests (#21347) * Tabs: Hide Tabs on Page header on small screens (#21489) * Fix importing plugin dashboards (#21501) * SideMenu: Fixes issue with logout link opened in new tab (#21488) * DataLinks: Make data links input grow again (#21499) * Templating: use default datasource when missing (#21495) * Explore: Fix timepicker when browsing back after switching datasource (#21454) * Add disabled option for cookie samesite attribute (#21472) * Chore: Adds basic alerting notification service tests (#21467) * ImportDashboardCommand: Validate JSON fields (#21350) * Docs: add test for website build (#21364) * Fix: when clicking a plot on a touch device we won't display the annotation menu (#21479) * Backend Plugins: add a common implementation (#21408) * Alerting: new min_interval_seconds options to enforce a minimum eval frequency (#21188) * Panel: Use Tabs in panel inspector (#21468) * Docs: Update rpm install (#21475) * Alerting: Enable setting of OpsGenie priority via a tag (#21298) * Alerting: fallbackText added to Google Chat notifier (#21464) * Plugins: Move backend plugin manager to service (#21474) * Backend Plugins: Refactor backend plugin registration and start (#21452) * Admin: New Admin User page (#20498) * Docs: Update cli.md (#21470) * Fix: Tab icons not showing (#21465) * Chore: Add react-table typings to Table (#21418) * Login: Refactoring how login background is rendered (#21446) * StatPanel: Refactoring & fixes (#21437) * Chore: Migrates reducers and actions to Redux Toolkit (#21287) * DeleteButton: Button with icon only was not centered correctly. (#21432) * Logos: Refactoring a bit how logos are rendered (#21421) * Docs: Update documentation-style-guide.md (#21322) * More datasource funcs poc (#21047) * Docs: Update plugin installation and CLI (#21179) * Docs: Update debian.md (#21339) * Alerting: Adds support for sending a single email to all recipients in notification channel (#21091) * ThreemaNotifier: Use fully qualified status emoji (#21305) * Settings: Env override support for dynamic settings (#21439) * Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787) * Logs: Fix parsing for logfmt fields that have parens (#21407) * Improve documentation for the Prometheus data source (#21415) * Heatmap: fix formatting (#21433) * Docs: Fixed broken links of Datasource doc at Grafana plugin page (#21363) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * grafana/ui: Create Tabs component (#21328) * Inspector: support custom metadata display (#20854) * Table: Added text align option to column styles (#21175) * PluginPage: Add appSubUrl string to config pages url (#21414) * Docs: Remove comment about upcoming alerting for singlestat and table panels (#21416) * Footer: Single footer component for both react & angular pages (#21389) * API: Added alert state validation before changing its state (#21375) * AddDataSource: Added missing phantom plugin (#21406) * Plugins: Use grafana-plugin-sdk-go v0.5.0 (#21116) * UnitPicker: show custom units on load (#21397) * Cloud Watch: Standardize Config Editor Implementation (#20489) * CloudWatch: dimension_values templating fix (#21401) * Docs: explain how to setup the apt repo without helpers (#21194) * Build: prevent changes to pkg/extentions/main.go from throwing error on merge * TimeZones: fix utc test (#21393) * Build: package all binaries for enterprise (#21381) * Datasource: fixes prometheus datasource tests - adds align range * CircleCI: Testing upgrade to CircleCI 2.1 (#21374) * Storybsck: Remove reference to jquery.flot.pie file from storybsck config (#21378) * Cloudwatch: Fixed crash when switching from cloudwatch data source (#21376) * Docs: Added Squadcast notifications (#21372) * Chore: upgrade d3 (#21368) * Datasource: fix a bug where deleting data source will trigger save and test events (#21300) * Forms: revamped select (#21092) * Toolkit: add git log info to the plugin build report (#21344) * Docs: Use https scheme for Grafana playground links (#21360) * fix docs links (#21359) * AddDatasourcePage: Refactoring & more Phantom plugins (#21261) * Chore: Remove empty flot.pie file (#21356) * Docs: Fix link (#21358) * Docs: Fix InfluxDB templated dashboard link (#21343) * Rendering: Fix panel PNG rendering when using sub url & serve_from_sub_path = true (#21306) * NewsPanel: update default feed url (#21342) * docs: fix influxdb templated dashboard link (#21336) * Docs: Update Windows.md (#21333) * Arrow: don't export arrow... breaking phantomjs e2e test (#21331) * DataFrame: round trip metadata to arrow Table (#21277) * Prometheus: user metrics metadata to inform query hints (#21304) * Panel: disable edit/duplicate/delete entry for repeat panel (#21257) * Prometheus: Disable suggestions at beginning of value (#21302) * grafana/ui: Do not build in strict mode as grafana/ui depends on non-strict libs (#21319) * Docs: Update security.md (#20981) * @grafana/data: use timeZone parameter rather than isUtc (#21276) * Units: support dynamic count and currency units (#21279) * Docs: Added sudo and removed $ where inconsistent. (#21314) * ImgUploader: add support for non-amazon S3 (#20354) * Fix: tooltips value disappear when label has too long word (#21267) * Docs: Update provisioning.md (#21303) * Docs: Update alerting_notification_channels.md (#21245) * Loki: fix filter expression suggestions (#21290) * Prometheus: Fix label value suggestion (#21294) * Prometheus: Fix term completion that contain keywords (#21295) * Docs: Fixed broken links in Basic Concepts (#21035) * Docs: Edited Windows install instructions (#20780) * Docs: Update troubleshooting.md (#21244) * Fix internal links in http_api/dashboard.md (#21255) * Docs: Update README.md (#21274) * Docs: Fix aliases/redirects (#21241) * Docs: Document tracing.jaeger configuration (#21181) * Websockets: upgrade websocket libray to 1.4.1 (#21280) * FieldConfig: add thresholds and color modes (#21273) * Prometheus: improve tooltips (#21247) * Explore: Moves PromContext from query level to DataQueryRequest level (#21260) * BridgeSrv: do not strip base from `state.location.url` (#20161) * Graph: another tooltip fix (#21251) * Alerting: Add configurable severity support for PagerDuty notifier (#19425) * Graph: Fixed no value in graph tooltip (#21246) * Units: support farenheit (existing misspelling) (#21249) * Docs: fix typo (#21190) * Promtheus: Fix hint and error display for query rows (#21242) * Docs: fixed broken doc link for graph and table panels (#21238) * Docs: fix of broken doc link in the dashlist panel's help section (#21230) * Docs: Update the link to docs for singlestat (#21225) * Docks: Update provisioning.md with proper Slack settings (#21227) * Editor: Ignore closing brace when it was added by editor (#21172) * Explore: moves add query row button below query rows (#20522) * Explore: adds PrometheusExploreQueryEditor (#20195) * Simplify adjustInterval (#21226) * Sass: Checked in tmpl files * Table: Component progress & custom FieldConfig options (#21231) * Chore: remove StreamHandler and DataStreamState (#21234) * DashboardGrid: Fixed flickering while resizing (#21221) * docs: rename premium plugins to enterprise plugins (#21222) * NewsPanel: add news as a builtin panel (#21128) * grafana/toolkit: Readme update (#21218) * grafana/toolkit: Resolve modules correctly (#21216) * New bar gauge style: Unfilled (#21201) * Dashboard: new updated time picker (#20931) * Metrictank: fix bundled dashboard (#21209) * Tooltip: preventing xss injections via the colors variable. (#21203) * Livetailing: set table withd to 100% (#21213) * Docs: Fix broken link in debian.md (#21199) * Added back logo file (#21198) * Docs: fix ordering of apt setup (#21192) * Docs: Fix Azure ad generic OAuth code markdown formatting (#21189) * docs: rendering plugin required for reporting (#21162) * Chore: Fixes wrong e2e path in .gitignore (#21186) * e2e: Waits for login before moving forward (#21185) * PanelChrome: Mini refactor (#21171) * Tracing: Support configuring Jaeger client from environment (#21103) * @grafana/toolkit: webpack extend TS???JS (#21176) * [docs] Azure monitor link in templating (#21173) * grafana/toolkit: Add option to override webpack config (#20872) * Docs: Adds best practices after visit and a link back to e2e.md (#21117) * Changelog: Add PagerDuty breaking change (#21170) * DashboardGrid: Change grid margin to 8, to align to 8px grid (#21167) * Alerting: Add more information to webhook notifications (#20420) * Panel: Show inspect panel in Drawer instead of Modal (#21148) * Prometheus: Fix typehead after binary operators (#21152) * docs: always updates docker image before building docs site (#21165) * Table: Matches column names with unescaped regex characters (#21164) * DataLinks: Sanitize data/panel link URLs (#21140) * Dashboard: Only show resize-handle on hover (#21160) * PagerDuty: Fix custom_details to be a JSON object instead of a string (#21150) * grafana/ui: New table component (#20991) * e2e: Migrates query variable CRUD tests to new framework (#21146) * Chore: Upgrade react, react-dom, react-test-renderer versions (#21130) * Fix log row when query is short (#21126) * Prometheus: Display HELP and TYPE of metrics if available (#21124) * e2e: Updates truth image (#21132) * Cloudwatch ECS Container Insights Support (#21125) * FontSize: Change base font size to 14px (#21104) * Explore: Refactor log rows (#21066) * phantomjs: performance.getEntriesByType not supported (#21009) * New panel editor (behind feature toggle) (#21097) * e2e: Adds ScenarioContext and video recordings to e2e (#21110) * DashboardImport: Fixes broken import page in prod builds (#21101) * Dependencies: Bump npm from 6.9.0 to 6.13.4 (#21095) * Docs: Fix broken link in loki.md (#21098) * Dependencies: Upgrade grunt-contrib-compress to resolve issues with iltorb (#21096) * Update CODEOWNERS (#21093) * E2E: Testing recording e2e tests (#21094) * FieldConfig: set min/max automatically for gauge (#21073) * Postgres/MySQL/MSSQL: Adds support for region annotations (#20752) * Azure Monitor: Use default from datasource if not saved on dashboard/query (#20899) * Azure Monitor: Copy AM Creds to Log Analytics When Using Same As (#21032) * Docs: Add minimal hugo build, update docs README (#20905) * CI: Added junit test report (#21084) * UI: ConfirmButton component (#20993) * Angular/React: Migrates team creation form to react (#21058) * Templating: Fixes digest issues in Template Variable Editor (#21079) * OrgSwitcher: Fixed issue rendering org switcher even when it's not open (#21061) * Chore: Remove rejected files (#21072) * e2e: Uses should on first element after visit to prevent flakiness (#21077) * FieldConfig: support overrides model (#20986) * AngularPanels: fixed transparency issue (#21070) * Docs: Update configuration.md for #3349 (#21069) * OAuth: Removes send_client_credentials_via_post setting (#20044) * API: Validate redirect_to cookie has valid (Grafana) url (#21057) * Explore: Refactor log details table (#21044) * Prometheus: Prevents validation of inputs when clicking in them without changing the value (#21059) * Prometheus: Fixes so user can change HTTP Method in config (#21055) * MetricSegment: Fix metric segment UI crash in prod builds (#21053) * OpenTSDB: Adding lookup limit to OpenTSDB datasource settings (#20647) * Templating: Fixes default visibility for submenu to same as dashboard (#21050) * Create CODEOWNERS (#21045) * Elastic: Add data links in datasource config (#20186) * Alerting: Fix panic in dingding notifier (#20378) * Logs: Optional logs label column (#21025) * Chore: updated to latest stable version (#21033) * Docs: change log for release v6.5.2 (#21028) * Chore: Improve rendering logging (#21008) * Modules: Add patched goavro dependency for extensions (#21027) * Explore: Sync timepicker and logs after live-tailing stops (#20979) * Fix: Shows SubMenu when filtering directly from table (#21017) * Alerting: Fix template variable in query check (#20721) * Toolkit: remove unused plugin-ci report types (#21012) * MixedDatasources: Do not filter out all mixed data sources in add mixed query dropdown (#20990) * Docs: Change checkout to check out where necessary (#20926) * Promtheus: Improve tab completion (#20938) * build: adds IANA timezone info to windows build (#21001) * Loki: fix labels fetching when no initial range given (#21000) * Docs: Update datasource API examples (#20951) * UI: Segment fixes (#20947) * Stackdriver: Make service list searchable (#20989) * Remove un-used imports (#20937) * upgrade aws-sdk-go (#20957) * UI: ConfirmModal component (#20965) * Docs: Updates from puppeteer to Cypress (#20962) * e2e: Adds better log information during test runs (#20987) * Alert: If the permission is forbidden, keep the historical alarm data present. (#19007) * Graph: Add fill gradient option to series override line fill (#20941) * use https for fetch gravatar by default (#20964) * Prometheus: disable dynamic label lookup on big datasources (#20936) * Loki: Fix datasource config page test run (#20971) * Devenv: Fix loki block (#20967) * e2e: Replaces truth image (#20966) * Forms: introduce RadioButtonGroup (#20828) * Fix: Adds e2e as a package that needs to be built (#20961) * Make sure datasource variable is being used everywhere (#20917) * Refactor: Navigates directly to add data source page instead (#20959) * Alerting: Improve alert threshold handle dragging behavior (#20922) * DisplayProcessor: Interpret empty strings as NaN instead of 0 to support empty value map texts in Singlestat (#20952) * Prometheus: Refactor labels caching (#20898) * e2e: Uses Cypress instead of Puppeteer (#20753) * Renderer: Add user-agent to rendering plugin requests (#20956) * DataSource: remove delta option (#20949) * Elasticsearch: set default port to 9200 in ConfigEditor (#20948) * Loki: Remove appending of (?i) in Loki query editor if not added by user (#20908) * Datasource/Loki: Loki now goes to Logs mode when importing prom queries (#20890) * Cloudwatch: Defined explore query editor for cloudwatch (#20909) * Datasource/Loki: Empty metric name no longer replaced by query (#20924) * Revert "Modules: Add goavro dependency for extensions (#20920)" (#20928) * Docs: Update debian.md (#20910) * UI: Segment Input change (#20925) * Modules: Add goavro dependency for extensions (#20920) * UI: Segment Input (#20904) * Remove escaping of \ ( ) characters (#20915) * AngularPanels: Check for digest cycle on root scope (#20919) * InfluxDB: Use new datasource update option funcs (#20907) * Docs: Update debian-ubuntu installation instructions (#20875) * Search: Fixed angular digest issues (#20906) * Remove false positive error message for expression and id field (#20864) * fix notifications page (#20903) * Update documentation-style-guide.md (#20871) * Docs: update content to work with website repo (#20693) * Elastic: Fix multiselect variable interpolation for logs (#20894) * Singlestat: Fixed unit not showing and switched to new unit picker (#20892) * MetaAnalytics: Minor fix for meta analytics event (#20888) * Explore: Cleanup redundant state variables and unused actions (#20837) * Chore/Tech debt: Remove (most) instances of $q angular service use (#20668) * AngularPanels: Fixed loading spinner being stuck in some rare cases (#20878) * TeamPicker: Increase size limit from 10 to 100 (#20882) * Echo: mechanism for collecting custom events lazily (#20365) * StatPanel: change to beta * Azure Monitor: Standardize Config Editor Implementation (#20455) * GraphTooltip: added boundaries so we never render tooltip outside window. (#20874) * Graphite: Use data frames when procesing annotation query in graphite ds (#20857) * Elastic: Fix parsing for millisecond number timestamps (#20290) * Docs: Sync docs with website repo via GitHub Action (#20694) * Gauge/BarGauge: Added support for value mapping of "no data"-state to text/value (#20842) * UI: Use SelectableValue as Segment value (#20867) * Datasource/Loki: Fixes issue where time range wasn't being supplied with annotation query (#20829) * Server: Return 404 when non-pending invite is requested (#20863) * Explore: Fix reset reducer duplication (#20838) * CLI: Return error and aborts when plugin file extraction fails (#20849) * Datasource/Loki: Simplifies autocompletion (#20840) * Update README.md (#20820) * ValueFormats: dynamically create units (#20763) * @grafana/data: don't export ArrowDataFrame (#20855) * @grafana/data: export ArrowDataFrame (#20832) * Docs: Add section about derived fields for Loki (#20648) * Migration: Migrate org switcher to react (#19607) * Remove screencasts.md (#20845) * Update requirements.md (#20778) * Explore: Log message line wrapping options for logs (#20360) * AlertNotifier: Support alert tags in OpsGenie notifier (#20810) * Fix prettier (#20827) * Loki: Support for template variable queries (#20697) * Explore: Export timezone from redux state (#20812) * Forms: introduce checkbox (#20701) * OpenTsdb: Migrate Config Editor to React (#20808) * TablePanel, GraphPanel: Exclude hidden columns from CSV (#19925) * DataFrame: add utilities to @grafana/data that support apache arrow (#20813) * Panels: Fixed transparency option for angular panels (#20814) * CloudWatch: Upgrade aws-sdk-go (#20510) * Update documentation-style-guide.md (#20777) * Chore: Move Prometheus datasorce tests from specs folder and merge duplicated test files (#20755) * Profile: Remove sign-out tab from profile page (#20802) * Doc: Change inline comment on interface to doc comment (#20794) * Server: Fail when unable to create log directory (#20804) * Update stale.yml * Rename config.yaml to config.yml * GitHub: Add link to forum when adding new issue (#20798) * Datasource/Loki: Fixes regression where enhanceDataFrame was not called (#20660) * Updated changelog * Docs: Updated changelog * SQLStore: Test admins/editors/viewers stats validity (#20751) * Graph-Panel: Center option for bar charts (#19723) * Packages: Fixed rollup issue with grafana-ui (#20790) * Stalebot: update issue config (#20789) * Stalebot: Automatically label PRs with no activity after 14 days as stale, then after 30 days close (#20179) * StatPanel: ColorMode, GraphMode & JustifyMode changes (#20680) * Units: Remove SI prefix symbol from new milli/microSievert(/h) (#20650) * Graphite: Add metrictank dashboard to Graphite datasource (#20776) * Docs: Remove typo from mssql.md (#20748) * Navigation: Fix navigation when new password is chosen (#20747) * Cleanup: use the local variable (#20767) * Prometheus: Fix caching for default labels request (#20718) * Release: Updates latest.json and grafana/packages/*/package.json (#20734) * Release: Updates Changelog for 6.5.1 (#20723) * ReactMigration: Migrate Graphite config page to React (#20444) * SQLStore: Rewrite system statistics query to count users once (#20711) * Docs: Clean up influxdb.md (#20618) * CloudWatch: Region template query fix (#20661) * Units: remove unreachable code (#20684) * Tests: Skipping Template Variable tests for now (#20707) * Datasource/Loki: Fix issue where annotation queries weren't getting their variables interpolated (#20702) * Documentation: Add missing blank in docker run command (#20705) * Server: Defer wg.Done call to ensure it's called (#20700) * Fix: Fixes templateSrv is undefined for plugins that do not use @@ngInject (#20696) * Server: Clean up startup logic/error checking (#20679) * CloudWatch: Annotations query editor loading fix (#20687) * OAuth: Add missing setting from defaults.ini (#20691) * DataLinks: Refactor title state (#20256) * Forms: TextArea component (#20484) * Explore: Adjust the max-width of the tooltip (#20675) * Units: Add currency and energy units (#20428) * transform: update to use sdk with frame.labels moved to frame.[]field.labels (#20670) * dev: fix pre-commit typo in toolkit (#20673) * Docs: Update change user password payload in http api (#20666) * Chore: Sync defaults.ini with sample.ini (#20645) * Loki: Fix query error for step parameter (#20607) * Fix: Disable draggable panels on small devices (#20629) * Chore: Remove several instances of non-strict null usage (#20563) * StatPanel: Rename singlestat2 to stat (#20651) * Panels: Add support for panels with no padding (#20012) * CloudWatch: Docs updates after feedback (#20643) * Explore: Update docs with updated images (#20633) * Build: Update latest.json (#20638) * Forms: Introduce form field (#20632) * docs: update versions (#20635) * Changelog: 6.4.5 (#20625) * Changelog: 6.5.0 (#20620) * Docs: 6.5 update (#20617) * Chore: Improve grafana-server profiling and tracing (#20593) * grafana/toolkit: Update FAQ (#20592) * Forms: Introduce new Switch component (#20470) * E2E: Adds tests for QueryVariable CRUD (#20448) * Toolkit: Do not continue after compile error (#20590) * BarGauge/Gauge: Add back missing title option field display options (#20616) * VizRepeater/BarGauge: Use common font dimensions across repeated visualisations (#19983) * Update services.md (#20604) * Docs: CloudWatch docs fixes (#20609) * Changelog: Add v6.3.7 (#20602) * Cloudwatch: Docs improvements (#20100) * Fix: Wrong path when sending package build time (#20595) * CloudWatch: Fix high CPU load (#20579) * Explore: UI changes for split view and live tailing (#20516) * Explore: Keep logQL filters when selecting labels in log row details (#20570) * Instrumentation: Edition and license info to usage stats (#20589) * Metrics: Add metric for each package build time (#20566) * grafana/toolkit: Smaller output after successful upload (#20580) * Table: Use the configured field formatter if it exists (#20584) * TextPanel: Fixes issue with template variable value not properly html escaped (#20588) * Docs: Update Explore docs for 6.5 (time-sync button & log details) (#20390) * Explore: UI changes for derived fields (#20557) * Docker: Custom dockerfiles, docker and image rendering docs update (#20492) * Tooltip: Fix issue with tooltip throwing an error when retrieving values (#20565) * Changelog: Reference a few more issues that were fixed (#20562) * Enable theme context mocking in tests (#20519) * Chore: Remove angular dependency from prometheus datasource (#20536) * Build: Verify checksums when downloading PhantomJS (#20558) * DevEnv: updates nodejs from 10.x to 12.x and golang to 1.13 in ci-deploy dockerfile. (#20405) * Explore: updates responsive button to pass all the div element props * Explore: fixes explore responsive button ref * Explore: adds a ref to responsive button * Explore: updates responsive button to forward ref * Explore: UI fixes for log details (#20485) * Document required Go version in developer guide (#20546) * UserTableView: Show user name in table view (#18108) * CloudWatch: enable min_interval (#20260) * CI: fix release script remove filtering (#20552) * Update dashboards (#20486) * CI: Build all platforms for Enterprise (#20389) * Alerting: Propagate failures to delete dashboard alerts (#20507) * Cloudwatch: Fix LaunchTime attribute tag bug (#20237) * Fix: Prevents crash when searchFilter is non string (#20526) * docs: what's new fixes (#20535) * What's new in 6.5 - adding CloudWatch topics (#20497) * grafana/ui: Expose Icon component (#20524) * Backend plugins: Log wrapper args formatting fix (#20521) * Build: Clean up scripts/grunt/options/phantomjs.js (#20503) * MySql: Fix tls auth settings in config page (#20501) * Backend plugins: Log wrapper args formatting (#20514) * CloudWatch: Remove HighResolution toggle since it's not being used (#20440) * API: Optionally list expired keys (#20468) * Image-rendering: Cleanup of rendering code (#20496) * Build: Reports times and outcomes from CircleCI jobs (#20474) * Chore: Upgrade prettier for grafana-toolkit (#20476) * TimePicker: Fixed update issue after plugin uses getLocationSrv().update (#20466) * Docs: Add explore images to What's new in v6.5 (#20442) * Chore: Bumps prettier version for new typescript syntax support (#20463) * handle PartialData status (#20459) * CloudWatch: Make sure period variable is being interpreted correctly (#20447) * Forms: New Input component (#20159) * UsersPage: Removed icon in external button (#20441) * Build: Fix RPM verification (#20460) * Dashboard Migrator: persist thresholds param if already set (#20458) * Docs: Fix developer guide link (#20434) * Fix package signing (#20451) * Build: Fix signing (#20450) * transform: changes to support sdk v0.2.0 (#20426) * Reporting: Handle timeouts in rendering (#20415) * Build: Upgrade build-container Docker image version (#20443) * Upgrade build-container image (#20438) * Provisioning: Fix unmarshaling nested jsonData values (#20399) * Fail when server is unable to bind port (#20409) * Devenv: Fix integration of postgres and fake-data-gen containers (#20329) * Util: Modify SplitHostPortDefault not to return an error for empty input (#20351) * InfluxDB: convert config editor to react (#20282) * Packages: stable release tags update (#20417) * Chore/Go-dep: change sdk to use new tag (#20422) * Chore: Log actual error when oauth pass thru fails (#20419) * Grafana/Loki: Adds support for new Loki endpoints and metrics (#20158) * Chore: Fix error caused by typescript upgrade (#20408) * Chore: Upgrade typescript to 3.7 (#20375) * NavLinks: Make ordering in navigation configurable (#20382) * Fix flot overriding onselectstart/ondrag events (#20381) * Docs: Updates docs for redux framework (#20377) * chore: fix "testing" version is latest.json (#20398) * transform_plugin: stop plugin when grafana stops (#20397) * Chore: Update latest.json (#20393) * Docs: What's new in Grafana v6.5 Draft (#20368) * Update changelog for v6.5.0-beta1 (#20350) * Chore: Move and wrap Cascader component to @grafana/ui (#20246) * MySql: Fix password regression in MySQL datasource (#20376) * CloudWatch: Datasource improvements (#20268) * grafana/toolkit: remove aws-sdk and upload to grafana.com API endpoint (#20372) * LDAP: last org admin can login but wont be removed (#20326) * Devenv: Replace deprecated SQL Server docker image (#20352) * DataFrame processing: Require table rows to be array (#20357) * grafana/ui: Add Icon component (#20353) * Telegram: Check error before adding defer close of image (#20331) * ValueFormats: fix description for dateTimeAsUS (#20355) * Fix alert names in dev dashboard (#20306) * Docs: Getting started edits (#19915) * Bus: Remove unused wildcard handlers and clean up tests (#20327) * Explore: updates breakpoint used to collapse datasource picker * Elastic: Fix Elastic template variables interpolation when redirecting to Explore (#20314) * transform_plugin: pass encoded dataframes through (#20333) * Links: Updated links to grafana.com (#20320) * Avatar: Don't log failure to add existing item to cache (#19947) * Devenv: Enable tracing for loki docker block (#20309) * Build: adds make target run-frontend (#20227) * Devenv: fix kibana in elastic7 docker block (#20308) * Build: Fix Docker builds (#20312) * Devenv: Add nginx_proxy_mac/nginx_login_only.conf (#20310) * Build: Build Ubuntu based Docker images also for ARM (#20267) * Devenv: fix connection in elastic 5 and 6 blocks (#20304) * Prometheus: Adds hint support to dashboard and fixes prometheus link in query editor (#20275) * Explore: Fix always disabled QueryField for InfluxDB (#20299) * Docker blocks: Add loki blocks for loki releases (#20172) * Explore: Fix interpolation of error message (#20301) * PanelLinks: fixed issue with old panel links and grafana behind a subpath (#20298) * ColorPicker: Fixes issue with ColorPicker disappearing too quickly (#20289) * Configuration: Update root_url to reflect the default value (#20278) * Templating: Made default template variable query editor field a text area with dynamic automatic height (#20288) * Transformations: filter results by refId (#20261) * PanelData: Support showing data and errors in angular panels (#20286) * Fix: URL Encode Groupd IDs for external team sync (#20280) * Build: Collect frontend build time metric (#20254) * Datasource: fixes prometheus metrics query query field definition (#20273) * Update version (#20271) * Admin: Adds setting to disable creating initial admin user (#19505) * Tests: We should not click on default button when there is only one ds (#20266) * AuthProxy: additions to ttl config change (#20249) * Graphite: add metrictank meta in response (#20138) * Docker: Add dependencies to support oracle plugin in alpine (#20214) * ReactMigration: Migrate Prometheus config page to React (#20248) * Templating: highlight first item when searching a variable dropdown (#20264) * e2eTests: Adds cleanup of created datasource and dashboard (#20244) * Gauge Panel: fix the default value of thresholds cannot be modified (#20190) * AuthProxy: Can now login with auth proxy and get a login token (#20175) * DataFrame: move labels to field (#19926) * Add Dockerfiles for Ubuntu (#20196) * Graph: Fixed no graph in panel edit mode (#20247) * Explore: Configure explore series colours via field config (#20239) * LDAP: Fixing sync issues (#19446) * Docs: Added alias for old reporting page location (#20238) * ReactPanels: Adds Explore menu item (#20236) * Elasticsearch: Support rendering in logs panel (#20229) * Alerting: Add alert_state to the kafka message Fixes #11401 (#20099) * Graph: introduce Tooltip to React graph (#20046) * @grafana/runtime: Expose datasourceRequest in backendSrv * Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191) * DevEnv: updates prometheus random data golang image to 1.13.0 * Provisioning: fix for cannot save provisioned dashboard (#20218) * DisplayProcessor: improve time field support (#20223) * Docs: Adding how to use plugin version, through docker env variable (#19924) * Docs: Add docs abscout time range URL query params (#20215) * MixedQuery: refactor so other components could also batch queries (#20219) * SharedQuery: don't explode when missing logo (#20187) * LDAP: Interpolate env variable expressions in ldap.toml file (#20173) * Chore: Update latest.json (#20216) * build: Ignore Azure test snapshot for msi build (long file name) (#20217) * Explore: fixes toolbars datasource selector and date picker responsiveness (#19718) * Logs Panel: Generate valid logQL for multi-select template variable (#20200) * Fix when only icon is present (#20208) * TablePanel: Prevents crash when data contains mixed data formats (#20202) * OAuth: Make the login button display name of custom OAuth provider (#20209) * Explore: Add custom DataLinks on datasource level for Loki (#20060) * QueryField: Prevent query runs on blur in Explore (#20180) * Azure Monitor: Datasource Config Type (#20183) * PluginLoader: export classes on @grafana/ui (#20188) * Changelog: 6.4.4 release (#20201) * CLI: Reduce memory usage for plugin installation (#19639) * DataLinks: fix syntax highlighting not being applied on first render (#20199) * SafeDynamicImport: Updates so that it does not act as an ErrorBoundary (#20170) * grafana/data: Make display processor work with time fields (#20174) * update triggers to use new deployment_tools location (#20194) * mysql: fix encoding in connection string (#20192) * pkg/util: Replace custom pbkdf2 implementation by maintained version (#19941) * Datasource/Elasticsearch: Fix logs which were displayed with incorrect timestamp in Explore logs tab (#20009) * Error Handling: support errors and data in a response (#20169) * OAuth: Generic OAuth role mapping support (#17149) * sdk: update to latest (#20182) * Docs: Add introduction to time series (#20068) * Docs: Simplify headings and make active (#20163) * Docs: Add "the" to license reference in README (#20167) * LDAP: All LDAP servers should be tried even if one of them returns a connection error (#20077) * Dashboards: add panel inspector (#20052) * Docker: Reduce layers in build container and modified initialization of PATH env in final container (#20132) * Docs: Display panels alphabetically (#20130) * Docs: Updates getting_started.md for spelling mistake "configuered" to "configured" (#20027) * fix: modifying AWS Kafka dimension names to correct ones (#19986) * Templating: Makes so __searchFilter can be used as part of regular expression (#20103) * Dashboard Editor: use chevron icon rather than > (#19588) * Docs: update datasources that support alerting (#20066) * Units: Add milli/microSievert, milli/microSievert/h and pixels (#20144) * Toolkit: copy full directory structure for img,libs,static (#20145) * Heatmap: Insert div to fix layout (#20056) * Build: adds the pkg/errors dependency that was missing from go.mod (#20143) * Explore: Memory leak fix due to dedup selector (#20107) * DataLinks: Fix access to labels when using Prometheus instant queries (#20113) * PluginLoader: fix imports for react-redux (#19780) * LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * Licensing service (#19903) * Explore: Add titles to query row action buttons (#20128) * Graph: Added series override option to have hidden series be persisted (#20124) * grafana/ui: Drawer component (#20078) * Depedency: Bump crewjam/saml to the latest master (#20126) * grafana/ui: fix button icon styles (#20084) * Explore: UI change for log row details (#20034) * api/dashboard: fix panic on UI save (#20137) * grafana/toolkit: Fixup save artifacts in a zip id in the folder (#20071) (#20139) * Docs: Fix InfluxDB Typos (#20004) * Docs: Data Sources subsection naming (#20127) * Docs: Update basic_concepts.md (#20102) * GEL: include the expression count in the request (#20114) * GEL: wrap arrow utils in async load (#20134) * grafana/toolkit: save artifacts in a zip id in the folder (#20123) * remove editor keys and null coalescing (#20115) * Emails: Update notification templates (#19662) * Docs: Ordering and formatting of datasources in docs (#19485) * Docs: Improve remote image renderer documentation (#20031) * Add devenv block for apache proxy working for Mac (#20119) * Allow saving of provisioned dashboards (#19820) * Update Azure AD instructions in generic-oauth.md (#20091) * Docs: Fixed a broken link to LogQL in the docs (#20106) * Explore: Fix deferred rendering of logs (#20110) * Templating: Adds typings to Variables (#20117) * Chore: Reorg packages (#20111) * Chore: Moves QueryField to @grafana/ui (#19678) * Docs: Consolidate backend guidelines (#19823) * transform: add expressions to query editor (w/ feature flag) (#20072) * DataSource: don't filter hidden queries automatically (#20088) * Docker: makes it possible to parse timezones in the docker image (#20081) * Plugins: Transform plugin support (#20036) * Add data link from panel to cloudwatch console (#20061) * DataLinks: Fix blur issues (#19883) * Explore: Remove datasource testing on selector (#19910) * Grafana/ui: Refactor button and add default type = button (#20042) * Add some typings for react events (#20038) * PanelQuerRunnerrremove logging (#20073) * Enable errcheck for golangci-lint (#19976) * DataLinks: Implement javascript callback (#19851) * Chore: correct typo in word Fahrenheit (#20040) * ReactMigration: Migrate Loki and Elastic config pages to React (#19979) * api: new v2 metrics query endpoint * Forms: Introduce new Primary, Secondary and Destructive buttons (#19973) * grafana/ui: Fix modal component (#19987) * WIP: Spawn backend plugins v2 (#19835) * build: Fix building of Enterprise Docker images (#19992) * Docker: Build and use musl-based binaries in alpine images to resolve glibc incompatibility issues (#19798) * PluginPage: replace plugin absolute url with relative (#19956) * Add info about static files (#19965) * Explore: Change loading state to done after live-tailing stops (#19955) * pkg/util: Check errors (#19832) * Core: Show browser not supported notification (#19904) * grafana/toolkit: Support js plugins (#19952) * Forms: Introduce typographic form elements (#19879) * SingleStat: apply mappings to no data response (#19951) * Docs: Clean up contribute docs (#19716) * pkg/models: Check errors (#19839) * pkg/setting: Check errors (#19838) * pkg/tsdb: Check errors (#19837) * Docs: Document Makefile (#19720) * Explore: Add functionality to show/hide query row results (#19794) * pkg/services: Check errors (#19712) * API: Fix logging of dynamic listening port (#19644) * Cloudwatch: Make it clear that role switching is not supported (#19706) * Update Apache configuration to work with MPMs as shared modules (#19900) * Cloudwatch: Lowercase Redshift Dimension entry for service class and stage (#19897) * Units: Added mega ampere and watt-hour per kg Units (#19922) * Clarify use of custom.ini on deb/rpm platforms (#19939) * Update ISSUE_TRIAGE.md (#19942) * docs: improved setup instructions for reporting (#19935) * grafana/ui: Enable mdx imports in stories (#19937) * Refactor: Suggestion plugin for slate (#19825) * grafana/ui: Enable storybsck docs (#19930) * Fix: Correct color on TagItems (#19933) * Dependencies: Update yarn.lock (#19927) * Chore: Updates yarn.lock (#19919) * pkg/plugins: Only warn if plugins fail to load. Fixes #19846 (#19859) * Chore: Bump storybsck to 5.2.4 (#19895) * QueryEditor: move QueryEditorRows to its own component (#19756) * ReactMigration: Migrate DataSource HTTP Settings to React (#19452) * TemplateVariables: Introduces $__searchFilter to Query Variables (#19858) * Forms: Introduce new spacing variables to GrafanaTheme (#19875) * Forms: Introduce new color variables to GrafanaTheme (#19874) * Chore: Bump Angularjs 1.6.6 -> 1.6.9 (#19849) * Update documentation.md * Edited Contribute docs * devenv: have bra watch attempt graceful shutdown (#19857) * Release: Update latest (#19866) * DataFrame: guess number field when on NaN (#19833) * Loki: Remove param (#19854) * InputDataSource: Fixed issue with config editor (#19818) * Fix: Unsubscribe from events in dashboards (#19788) * Explore: Add unit test to TimeSyncButton (#19836) * build: update scripts go.(mod|sum) (#19834) * Loki: Return empty result if no valid targets (#19830) * DataLinks: Fix url field not releasing focus (#19804) * Alerting: All notification channels should always send (#19807) * @grafana/toolkit: Check if git user.name config is set (#19821) * pkg/middleware: Check errors (#19749) * Fix: clicking outside of some query editors required 2 clicks (#19822) * pkg/cmd: Check errors (#19700) * grafana/toolkit: Add font file loader (#19781) * Select: Allow custom value for selects (#19775) * Docs: Add database architecture docs (#19800) * Call next in azure editor (#19799) * grafana/toolkit: Use http rather than ssh for git checkout (#19754) * DataLinks: Fix context menu not showing in singlestat-ish visualisations (#19809) * Elasticsearch: Adds support for region annotations (#17602) * Docs: Add additional capitalization rules (#19805) * Docs: Add additional word usage rule (#19812) * Update aws-sdk-go (#19138) * Dashboard: Allows the d-solo route to be used without slug (#19640) * pkg/bus: Check errors (#19748) * Panels: Fixes default tab for visualizations without Queries Tab (#19803) * Chore: Refactor grafana-server (#19796) * Add missing info about stylesFactory * Types: Adds type safety to appEvents (#19418) * Docs: Split up Sharing topic (#19680) * Update README.md (#19457) * Docs: Link to architecture docs from Developer guide (#19778) * toolkit linter line number off by one (#19782) * pkg/plugins: Check errors (#19715) * Explore: updates live button to responsive button * Explore: fixes live button margin * Explore: fixes a responsive fold of live tailing button * updated live tailing text * updated live tail button - responsive fold * updated toolbar - added media query for tail buttons * Docs: Add docs on services (#19741) * fix: export Bus on search service (#19773) * Chore: Refactor GoConvey into stdlib for search service (#19765) * Quick typo fix (#19759) * Docs: Fixes go get command in developer guide (#19766) * Datasource: Add custom headers on alerting queries (#19508) * Docs: Add API style/casing rule (#19627) * Explore: updates clear all button to responsive button (#19719) * pkg/infra: Check errors (#19705) * Docs: Update Prometheus Custom Query Parameters docs. (#19524) * Docs: Fix playlist layout issues (#19739) * Docs: Update instructions and flows in Playlist.md (#19590) * pkg/components: Check errors (#19703) * UX: Fix empty space in select (#19713) * pkg/login: Check errors (#19714) * enforce GO111MODULE=on when running make run (#19724) * Docs: Add Troubleshooting section to Developer guide (#19721) * Update README.md (#19551) * Singlestat: Fixed issue with mapping null to text (#19689) * Don't truncate IPv6 addresses (#19573) * Tests: Fix runRequest test (#19711) * Docs: Update pkg\README.md (#19615) * Feature: Adds connectWithCleanup HOC (#19629) * Docs: Add "repository" case, and "open source" to style guide * React group by segment poc (#19436) * Graph: make ContextMenu potitioning aware of the viewport width (#19699) * pkg/api: Check errors (#19657) * Explore: Synchronise time ranges in split mode (#19274) * build: use vendored packages for circle backend tests (#19708) * Docs: Add correct casing for API and ID to style guide (#19625) * API: added dashboardId and slug in response after import (#19692) * Docs: Simplify README (#19702) * Docs: Move dev guide from README (#19707) * Explore: Expand template variables when redirecting from dashboard panel (#19582) * Alerting: Fix dates stored in local time when pausing alerts (#19525) * Explore/UI: Removes unnecessary grafana-info-box wrapper around InfluxCheatSheet (#19701) * Docs: Updating to 6.4.0 (#19698) * Chore: Fixes lines that exceeded 150 chars (#19694) * Chore: Updates latest.json for 6.4.2 (#19697) * Chore: Updates Changelog for 6.4.2 (#19696) * Docs: Update folder.md (#19674) * build: use vendor folder for building (#19677) * Table: Proper handling of json data with dataframes (#19596) * SharedQuery: Fixed issue when using rows (#19610) * SingleStat: Fixes $__name postfix/prefix usage (#19687) * Chore: Upgrade Docker images to Go 1.13.1 (#19576) * Grafana Image Renderer: Fixes plugin page (#19664) * Units: consistent Meter spelling and abbreviations (#19648) * CloudWatch: Changes incorrect dimension wmlid to wlmid (#19679) * Loki: Fix lookup for label key token (#19579) * Documentation: Fix time range controls formatting (#19589) * Docs: Add additional style rules (#19634) * De-duplicate `lint-go` step (#19675) * Docs: Update keyboard shortcuts formatting (#19637) * AzureMonitor: Alerting for Azure Application Insights (#19381) * ci-build: Improve build-deploy script (#19653) * Rename live option in queries (#19658) * Docs: Update README.md (#19456) * Docs: Update typos, make docs more consistent. (#19633) * Docs: Fix operating system names (#19638) * Docs: Move issue triage docs to contribute (#19652) * DataFormats: When transforming TableModel -> DataFrame -> Table preserve the type attribute (#19621) * Graph: Updated auto decimals logic and test dashboard (#19618) * Graph: Switching to series mode should re-render graph (#19623) * Revert "Feature: Adds connectWithCleanup HOC (#19392)" (#19628) * Feature: Adds connectWithCleanup HOC (#19392) * Panels: Progress on new singlestat / BigValue (#19374) * Units: fixed wrong id for Terabits/sec (#19611) * Docs: General improvements to docs, and a fix in oauth (#19587) * Docs: Replace ampersands with and (#19609) * Profile: Fix issue with user profile not showing more than sessions some times (#19578) * Azure Monitor : Query more than 10 dimensions ( Fixes #17230 ) (#18693) * Login: Show SAML login button if SAML is enabled (#19591) * UI: Adds Modal component (#19369) * Prometheus: Fixes so results in Panel always are sorted by query order (#19597) * Docs: Improve guides for contributing (#19575) * Migration: Migrates Admin settings from angular to react (#19594) * Chore: Converts HelpModal from angular to react (#19474) * Fix typo (#19571) * Chore: Upgrade to Go 1.13 (#19502) * Explore: Move data source loader into the select (#19465) * Release: Fix issue with tag script on osx (#19557) * Release: Update latest (#19559) * Docs: Updates about Loki annotations (#19537) * Theme: follow-up fix for snapshot * UI: Centers the filter tags in input field (#19546) * Update README.md (#19515) * Docs: Updated changelog (#19558) * Theme: fix theme issue * Provisioning: Handle empty nested keys on YAML provisioning datasources (#19547) * Docs: updates to what's new in 6.4 (#19539) * Loki: remove live option for logs panel (#19533) * Chore: Updates to 6.4.0 stable (#19528) * CloudWatch: Add ap-east-1 to hard-coded region lists (#19523) * ChangeLog: Release 6.4.0 Stable (#19526) * Docs: Add notice about plugins that need updating (#19519) * Panels: Skip re-rendering panel/visualisation in loading state (#19518) * Docs: LDAP Debug View documentation (#19513) * Docs: reports feature (#19472) * SeriesOverrides: Fixed issue with color picker * Build: Fix building when $LDFLAGS is set (#19509) * API: Add `createdAt` and `updatedAt` to api/users/lookup (#19496) * Fix logs panel image path * Logs: Publish logs panel (#19504) * Explore: Update broken link to logql docs (#19510) * Chore: Remove console.log (#19412) * Refactor: Split LogRow component (#19471) * Build: Upgrade go to 1.12.10 (#19499) * CLI: Fix version selection for plugin install (#19498) * Upgrade grafana-plugin-model (#19438) * grafana-ui: Moves slate types from devDependencies to dependencies (#19470) * Docs: Improve guide descriptions on docs start page #19109 (#19479) * Explore: Generate log row uid (#18994) * Editor: Brings up suggestions menu after clicking suggestion (#19359) * Docs: Add Live tail section in Explore (#19321) * Docs: Add guide for developing on macOS (#19464) * API: Add createdAt field to /api/users/:id (#19475) * Docs: Updated heading to sentence case (#19450) * grafana/toolkit: Remove hack to expose plugin/e2e exports & types (#19467) * Testdata: Rename package to circumvent convention in go (#19409) * Docs: Update package's manual release guide (#19469) * Users: revert LDAP admin user page (#19463) * Explore: Take root_url setting into account when redirecting from dashboard to explore (#19447) * Refactor: RefreshPicker export things as statics on class (#19443) * grafana/ui: Fix value time zone names to be capitalized (#19417) * Release: Make sure packages are released from clean git state (#19402) * Docs: Add styling.md with guide to Emotion at Grafana (#19411) * Docs: Update SECURITY.md (#19385) * Debt: Simplifies actionCreatorFactory (#19433) * Update PLUGIN_DEV.md (#19387) * Release: Create cherrypick task work for enterprise repo (#19424) * Theme: Generate colors SASS * DisplayFormat: use toLocaleString for infinity * Docs: Update Loki docs with new syntax and features (#19370) * UI: Add orangeDark color to theme (#19407) * grafana/toolkit: Improve contribution readme (#19400) * Docs: Remove hard wrap (#19413) * Tests: Adds throwUnhandledRejections to jest setup (#19398) * DataLinks: suggestions menu improvements (#19396) * Dev: Sets `preserveSymlinks` to `false` in top-level tsconfig (#19395) * Build: fixed signing script issue with circle-ci (#19397) * Docs: Update readme with info about ongoing migration (#19362) * PanelData: Adds timeRange prop to PanelData (#19361) * Docs: Update Playlist.md (#19382) * Update documentation-style-guide.md (#19389) * Build: Fix correct sort order of merged pr's in cherrypick task (#19379) * dependencies: Update yarn.lock (#19377) * ValueFormats: check for inf (#19376) * Update UPGRADING_DEPENDENCIES.md (#19386) * Update ROADMAP.md (#19384) * Update SUPPORT.md (#19383) * Update ISSUE_TRIAGE.md (#19280) * Update datasource_permissions.md (#19336) * MySQL: Limit datasource error details returned from the backend (#19373) * MySQL, Postgres: Update raw sql when query builder updates (#19209) * MySQL, Postgres, MSSQL: Fix validating query with template variables in alert (#19237) * Explore: Do not send explicit maxDataPoints for logs. (#19235) * grafana/ui: Add Timezone picker (#19364) * Heatmap: use DataFrame rather than LegacyResponseData (#19026) * Explore: Refactor mode selection (#19356) * Dashboard: Fix export for sharing when panels use default data source (#19315) * Azure Monitor: Revert support for cross resource queries (#19115)" (#19346) * grafana/ui: Add electrical units mAh and kAh (#19314) * grafana/ui: Add Indian Rupee (INR) to currencies (#19201) * Chore: Bump typescript to version 3.6.3 (#19308) * Explore: Refactor live tail controls (#19328) * Docs: Documentation for return-to-dashboard feature (#19198) * Select: Set placeholder color (#19309) * Keybindings: Improve esc / exit / blur logic (#19320) * Plugins: Skips existence of module.js for renderer plugins (#19318) * Explore: Fix unsubscribing from Loki websocket (#19263) * Release: update latest.json (#19312) * Docs: Uppercase HTTP acronyms (#19317) * Multi-LDAP: Do not fail-fast on invalid credentials (#19261) * DataLinks: Small UX improvements to DataLinksInput (#19313) * Alerting: Prevents creating alerts from unsupported queries (#19250) * Chore: Update Slate to 0.47.8 (#19197) * Chore: Upgrades react-redux to version 7.1.1 (#19272) * Docs: Update documentation-style-guide.md (#19292) * Admin/user: fix textarea postion in 'Pending Invites' to avoid page scrolling (#19288) * Changelog update for 6.3.6 * Revert "Changelog update for 6.3.6" * Changelog update for 6.3.6 * Build: Split up task in the CI pipeline to ease running outside circleci (#18861) * Build: Scanning grafana master docker image with trivy in ci (#19195) * Dashboard: Hides alpha icon for visualization that is not in alpha/beta stage #19300 * Update changelog task to generate toolkit changelog too (#19262) * QueryEditor: Clean-up interface to only have one PanelData (#19249) * Docs: Add style rule for Git (#19277) * Docs: Update CONTRIBUTING.md (#19273) * Docs: Add glossary (#19148) * Docs: Add style guide for docs (#19190) * Vector: remove toJSON() from interface (#19254) * MySQL, Postgres, MSSQL: Only debug log when in development (#19239) * Graphite: Changed range expansion from 1m to 1s (#19246) * AlertBox: Merged Alertbox into Alert (#19212) * Explore: live tail UI fixes and improvements (#19187) * Docs: Update theming docs (#19248) * grafana/toolkit: Fix toolkit not building @grafana/toolkit (#19253) * CloudWatch: ContainerInsights metrics support (#18971) * Alerting: Truncate PagerDuty summary when greater than 1024 characters (#18730) * grafana/toolkit: Add plugin scaffolding (#19207) * Snapshots: store DataFrameDTO instead of MutableDataFrame in snapshot data (#19247) * Revert "Graphite: Changed range expansion from 1m to 1s, #11472" * Graphite: Changed range expansion from 1m to 1s, #11472 * Fix docs issues (#19240) * Docs: Minor edits to the README and several md files (#19238) * LDAP: Show non-matched groups returned from LDAP (#19208) * plugins: expose whole rxjs to plugins (#19226) * SQL: Rewrite statistics query (#19178) * CI: Update frontend ci metrics for strict null checks * grafana/ui: Add disabled prop on LinkButton (#19192) * Cloudwatch: Fix autocomplete for Gamelift dimensions (#19145) (#19146) * Backend: Remove redundant condition of `ROLE_VIEWER` (#19211) * FieldDisplay: Update title variable syntax (#19217) * Docs: Note when using For and No Data in alert rule (#19185) * Docker: Upgrade packages to resolve reported vulnerabilities (#19188) * MSSQL: Revert usage of new connectionstring format (#19203) * Prometheus: datasource config with custom parameters string (#19121) * Contributing: Add guidelines for contributing docs (#19108) * LDAP debug page: deduplicate errors (#19168) * Menu: fix menu button in the mobile view (#19191) * Dashboard: Fixes back button styles in kiosk mode (#19165) * API: adds redirect helper to simplify http redirects (#19180) * docs: image rendering (#19183) * Chore: Update latest.json (#19177) * Chore: Update version to next (#19169) * Docs: What's new in 6.4 update (#19175) * Devenv: create slow_proxy_mac (#19174) * Chore: Changelog for v6.4.0-beta1 (#19171) * Revert "Chore: Update Slate to 0.47.8 (#18412)" (#19167) * Chore: Update Slate to 0.47.8 (#18412) * Changelog: Breaking changes and deprecation notes for v6.4 (#19164) * Docs: What's new 6.4 draft (#19144) * Docs: Add docs around feature toggles config (#19162) * Azure Monitor: Add support for cross resource queries (#19115) * Api: Readonly datasources should not be created via the API (#19006) * Explore: Update live tail buttons (#19143) * LDAP: only show tab if LDAP is enabled (#19156) * TimePicker: Fixes onBlur issue with FireFox on MacOS (#19154) * Feature: Encapsulated dynamic imports with error boundary and suspense (#19128) * Metrics: Adds setting for turning off total stats metrics (#19142) * Add directions for more details provided when not anymore on issue triage (#19116) * grafana/data: Reorganise code (#19136) * Login: fix Footer to be visible (#19147) * Chore: fix prettier error after github suggestions commit (#19150) * Alerts: show a warning/error if transformations are configured (#19027) * Explore: No logs should show an empty graph (#19132) * Ldap: Add LDAP debug page (#18759) * Elasticsearch: allow templating queries to order by doc_count (#18870) * Chore: cross-package security bumps (#19131) * Close the connection only if we establish it. (#18897) * Fix: Fixes crash using back button with zoomed graph (#19122) * Routing: Update routing to require sign in on every route (#19118) * Graph: constant series as override (#19102) * Login: fix login page failing when navigating from reset password views (#19124) * DataFrame: Fixes to dealing with empty results (#19119) * Explore: calculate intervals when building data source request (#19107) * Graph: Adds onHorizontalRegionSelected (#19083) * Loki: Updated cheat sheet with new filter syntax (#18947) * grafana/toolkit: Find module files correctly and add basic error tracing (#19089) * Templating: Clicking Selected should deselect all if 1 or more are already selected (#19104) * NotificationChannels: Add delete button to edit page (#19103) * Dashboard: Fix arrow positioning in button while in panel edit mode (#19084) * Update _index.md (#19045) * CLI: Fix installing plugins on windows (#19061) * LDAP: Allow an user to be synchronised against LDAP (#18976) * Docs: Adds a requirements page (#18917) * DataLinks: enable access to labels & field names (#18918) * Singlestat: fix format messes up on negative values if select duratio??? (#19044) * Explore: Move throttling before processing (#19095) * Prometheus: Fix response states (#19092) * Explore: Fix how log bars in graph are stacking (#19015) * Explore: Add throttling when doing live queries (#19085) * Stackdriver: Add extra alignment period options (#18909) * QueryProcessing: Added missing error event for angular editors (#19059) * Explore: Fixes issue with lastResult being null (#19081) * GraphPanel: don't listen to legacy onDataReceived events (#19054) * QueryProcessing: Fixes showing last result in initial loading state (#19057) * toolkit: fix master build, avoid null check (#19055) * Auth: Allow inviting existing users when login form is disabled (#19048) * MSSQL: Fix memory leak when debug enabled (#19049) * Update CONTRIBUTING.md (#19051) * Update README.md (#19047) * toolkit: pipe execa output to console.stdout (#19052) * QueryProcessing: Observable query interface and RxJS for query & stream processing (#18899) * Fix exit live mode icon: change back to Stop. (#19043) * Loki: Fix vertical alignment issue in label selector (#18943) * Fix: Align buttons and label in ToggleButtonGroup (#19036) * toolkit: run make for backend plugins (#19029) * Explore: Fix auto completion on label values for Loki (#18988) * TimeSeries: Replace fieldName with fieldIndex (#19030) * DataLinksInput - change the way enter key is handled (#18985) * TimeSeries: Add data frame index and field name (#19005) * Packages: update versioning and release process (#18195) * API: Add `updatedAt` to api/users/:id (#19004) * PageContent: fix logic in Page.Contents (#19002) * Calcs: Fixed calc reducer (#18998) * AlphaNotice: replaced big popover tooltip with native tooltip (#18997) * grafana/ui: Add Time of day picker (#18894) * QueryOptions: update maxDataPoints text and show any value that is configured (#18761) * Piechart: fix unit selector when scrolling is required (#18932) * Refactor: Move sql_engine to sub package of tsdb (#18991) * Refactor: move ScopedVars to grafana/data (#18992) * Units: Adding T,P,E,Z,and Y bytes (#18706) * Image rendering: Add deprecation warning when PhantomJS is used for rendering images (#18933) * Singlestat: render lines on the panel when sparklines are enabled (#18984) * Explore: Unify background color for fresh logs (#18973) * Annotations: Add annotations support to Loki (#18949) * TimeSeries: datasources with labels should export tags (not labels) (#18977) * Explore: UX/UI improvements for pausing and resuming of live tailing (#18931) * Annotations: Fix query editor rendering on datasource change (#18945) * Bump lodash-es from 4.17.11 to 4.17.15 (#18963) * Bump fstream from 1.0.11 to 1.0.12 (#18962) * Bump mixin-deep from 1.3.1 to 1.3.2 (#18960) * Bump lodash.template from 4.4.0 to 4.5.0 (#18961) * Alerting: fix response popover prompt when add notification channels (#18967) * Build: Fix potential case-insensitive import collision for github.com/Unknwon/com (#18915) * MixedDataSource: refactor, cleanup, and add tests (#18948) * Bump lodash.mergewith from 4.6.1 to 4.6.2 (#18959) * Units: Add electrical charge - ampere-hour unit * Transformers: configure result transformations after query(alpha) (#18740) * grafana/toolkit: Add default mock for stylesheet imports for Jest (#18955) * grafana/toolkit: Improve readme (#18747) * Docs: Add PR review practices link (#18937) * Build: Allow extending of LDFLAGS in build.go (#18954) * Build: Support SOURCE_DATE_EPOCH for reproducible builds (#18953) * LDAP: Fetch teams in debug view (#18951) * Dashboard: Fixes dashboard overwriting behavior (#18944) * Grafana: Create new playlist/dashboard/channel card is not visible when there are no items in the list (#18890) * Storybsck: fix type error (#18934) * Sass: changed color in gradient in template files to lower case (#18921) * Notification is sent when state changes from no_data to ok (#18920) * SASS: Add pointer events none to .disabled class (#18919) * Explore: Adds ability to save a panel's query from Explore (#17982) * Loki: support loki with streaming in dashboards (#18709) * UserProfile: convert user organizations section to react (#18707) * Annotations: Check that timeEnd if defined before comparing to avoid false truthiness (#18903) * Sass: Align generated file with tmpl (#18896) * LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * Add South African Rand (ZAR) to currencies (#18893) * Annotations: check if the name exists before creating a new annotation (#18880) * ErrorHandling: Error boundary for every container (#18845) * Precommit: Fixed precommit task issue (#18883) * Docs: Quick typo fix in readme (#18874) * CI: no longer using grafana-master... package. (#18884) * Styles: fixed gradient in logo so it doesn't go outside the logo and get a defined start and end color, changed brand gradient to be the same as in logo, created new variable for vertical gradient (#18882) * Webpack: Fix accidental double typechecking (#18881) * Explore: elastic small fixes (#18879) * Explore: Add typings for queryTransaction.request (#18847) * LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * PanelQueryState: restore comment * grafana/toolkit: fix common webpack config (#18862) * Explore: Use DataFrame to derive graph/table/logs (#18859) * Updated is time series test * Fixed unit test * alerting: add lock on job to prevent a race condition (#18218) * Reworked ResultProcessor tests * Explore: everything seems to be working again * WIP: Use data frames in explore * Explore: Allow pausing and resuming of live tailing (#18836) * CI: stop deployment to s3 (#18831) * Performance/Webpack: Introduces more aggressive code-splitting and other perf improvements (#18544) * Explore: Introduces PanelData to ExploreItemState (#18804) * Core: Adding DashboardPicker component (#18811) * Git: Precomit hook slimmed down * DataSourceSettings: Fixed issue changing data source name, fixes #18660 (#18826) * Prometheus: Fixed Prometheus query editor error (plus new ErrorBoundaryAlert component) (#18838) * Explore: Style panel containers (#18834) * Snapshot: Fix http api (#18830) * Open new window when exploring panel metrics (#18802) * Release: update latest.json * Docs: Update changelog with v6.3.5 issues (#18827) * Build: Update ua-parser/uap-go (#18788) * Build: Use the latest build container which has go 1.12.9 (#18807) * DataFrame: split DataFrameHelper into MutableDataFrame and FieldCache (#18795) * MixedDatasource: don't filter hidden queries before sending to datasources (#18814) * Enterprise: add dependencies for upcoming features (#18793) * Editor: Fixes issue where only entire lines were being copied (#18806) * Explore: Fixed query status issue (#18791) * DashboardMigrator: Fixed issue migrating incomplete panel link models (#18786) * Explore: Fixes query hint issues (#18803) * Build: Optional skipping of typescript checking in dev bundler (#18772) * Docs: Improve API tutorial intro content and readability (#18762) * Panels: Destroy panel model when recreating repeated panels (#18799) * Singlestat: Various fixes to singlestat and DataFrame (#18783) * Explore: Fixed issue in PanelQuery state arround cancellation (#18771) * Going to Explore from a panel with mixed data sources now works (#18784) * Changelog update (#18780) * Explore: Add memoization and remove unused props (#18775) * Prometheus: Changes brace-insertion behavior to be less annoying (#18698) * Datasource: Support min time interval input in ms (#18719) * Explore: Use PanelQueryState to handle querying (#18694) * Chore: Improve err message for notifications (#18757) * @grafana/toolkit: add package versions to the ci report (#18751) * @grafana/data: Matchers and Transforms (#16756) * Docs: Document LDAP config reload in admin http api (#18739) * center NoDataSourceCallToActionCard in Explore (#18752) * DataLinks: enable data links in Gauge, BarGauge and SingleStat2 panel (#18605) * DashboardDatasource: reuse query results within a dashboard (#16660) * Plugins: show a clear error on the plugin page when it failed to load (#18733) * Chore: Use ruleId instead of alertId as log keyword (#18738) * @grafana/data: improve the CircularVector api (#18716) * QueryEditor: check if optional func toggleEditorMode is provided (#18705) * Emails: remove the yarn.lock (#18724) * OAuth: Support JMES path lookup when retrieving user email (#14683) * Emails: resurrect template notification (#18686) * Email: add reply-to and direct attachment (#18715) * Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards (#18641) * Heatmap: Add Cividis and Turbo color schemes (#18710) * Units: add counts/sec (cps) and counts/min (cpm) in Throughput (#18702) * Dev Docker: Use golang:1.12.9-alpine to prevent glibc mismatch. (#18701) * Docs: Fix broken link for the Grafana on RHEL or Ubuntu tutorial (#18697) * Fixes several usability issues with QueryField component (#18681) * convert teams section of user profile to react (#18633) * Singlestat/Gauge/BarGauge: Improvements to decimals logic and added test dashboard (#18676) * Emails: Change text (#18683) * Streaming: improve JSDocs for DataSourceAPI streaming support (#18672) * TimeSrv: Enable value time windowing in TimeSrv (#18636) * Explore: Fixes so Show context shows results again (#18675) * Graph: Updated y-axis ticks test dashboard (#18677) * Add typings to package.json in packages (#18640) * Plugins: better warning when plugins fail to load (#18671) * SingleStat2: save options to defaults not override (#18666) * Packages: Fix path import from grafana/data (#18667) * SingleStat: use DataFrame results rather than TimeSeries/TableData (#18580) * TestData: attach labels to series results (#18653) * Singlestat: Disable new singlestat gauge usage (#18610) * Explore: Fixes query field layout in splitted view for Safari browsers (#18654) * MSI: new long file names are causing error building MSI (#18646) * Auth: change the error HTTP status codes (#18584) * Refactor: EmptyListCTA (#18516) * Build: Upgrade to go 1.12.9 (#18638) * Chore: Revert React 16.9.0 bump (#18634) * Azure Monitor and Log Analytics converted and separated into components (#18259) * Rewrite user profile edit to react (#17917) * Docs: remove codecov badge (#18623) * Prometheus: Prevents panel editor crash when switching to Prometheus datasource (#18616) * Chore: Rename Popper to Popover (#18543) * SingleStat: add a gauge migration call to action button in the editor (#18604) * Build: update revive dependency (#18585) * LDAP: multildap + ldap integration (#18588) * Docker: switch docker image to alpine base with phantomjs support (#18468) * Backend: Adds support for HTTP/2 (#18358) * Explore: Fixes error when switching from prometheus to loki data sources (#18599) * TimePicker: Set time to to 23:59:59 when setting To time using calendar (#18595) * Prometheus: Return labels in query results (#18535) * Docs: Update changelog and docs for annotation region change (#18593) * Refactor: move KeyValue and deprecation warning to @grafana/data (#18582) * Annotations: use a single row to represent a region (#17673) * Docs: Update upgrading guide (#18547) * Docs: Adds tests requirement to bugs checklist (#18576) * DataFrame: convert from row based to a columnar value format (#18391) * Packages: Temporarily skip canary releases if packages build fail (#18577) * Update latest.json to latest stable version (#18575) * Docs: Update changelog for v6.3.3 (#18569) * Graph: Fixed issue clicking on series line icon (#18563) * grafana/toolkit: Unpublish previous "next" version when releasing a new one (#18552) * Toolkit: write PR report to a folder with the circle build number (#18560) * CI: Fail build if yarn.lock is not up to date (#18555) * Chore: Updates react-dependant packages to address react warnings (#18549) * Prometheus: Fix regression of rerunning query on legend/interval change (#18147) * Explore/Prometheus: More consistently allows for multi-line queries (#18362) * Login: Fixes undefined redirect (#18545) * Plugins: expose react-redux, redux (#18501) * TimeSeries: assume values are all numbers (#18540) * Login: Angular to React (#18116) * InfoTooltip: Info icon with tooltip (#18478) * Annotations: Fix failing annotation query when time series query is cancelled (#18532) * remotecache: support SSL with redis (#18511) * QueryData: Handle that response data must be array (#18504) * React: Rename deprecated UNSAFE_componentWillReceiveProps (#18526) * Explore: Replaces TimeSeries with GraphSeriesXY (#18475) * API: Restrict anonymous user information access (#18422) * Fix: failing build after React bump (#18514) * strictNullChecks: First batch (#18390) * Chore: bump React to 16.9.0 (#18502) * Docs: Adds a new security section (#18508) * Docs: Update issue triage doc with external PRs section (#18464) * Typo: fix typo in processDataFrame.ts comment (#18492) * Explore: Fix loading error for empty queries (#18488) * Fix: Fixes stripping of $d in Explore urls (#18480) * grafana/ui: fix toTimeTicks error (#18448) * Docs: Adds details to Pull Request Checklist (#18471) * DataLinks: respect timezone when displaying datapoint's timestamp in graph context menu (#18461) * Chore: strictNullChecks, ColoringEditor and time_region_manager (#18442) * Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462) * DataLinks: Apply scoped variables correctly (#18454) * DataLinks: Use datapoint timestamp correctly when interpolating variables (#18459) * API: Minor fix for team creation endpoint when using API key (#18252) * Login: Adjust space between skip and its icon (#18407) * Docs: Update Auth Proxy documentation (#18444) * Docs: Minor Readme update (#18438) * OAuth: return GitLab groups as a part of user info (enable team sync) (#18388) * Fix: Avoid glob of single-value array variables (#18420) * DataLinks: Enable multiple data links per panel (#18434) * Markdown: Handle undefined/null strings (#18433) * Docs: Update changelog and latest with 6.3.1 and 6.3.2 releases (#18437) * Explore: Fixes Legend overflow in splitted view (#18396) * Docs: changelog for docker 6.3 (#18429) * Panels: Fixed crashing dashboards with panel links (#18430) * DataFrame: remove dateFormat (#18424) * backend: null.Float NaN -> null for json marshal (#18284) * Frontend: adds folder name in home dash choose menu (#18346) * TestData: Query variable support (nested + glob queries) (#18413) * Update latest.json (#18417) * Changelog 6.3.0 (#18414) * PanelLinks: Fix render issue when there is no panel description (#18408) * e2e tests: Make pageObjects mandatory (#18406) * Documentation: document the "Mixed" Data Source (#18398) * Explore: Moves GraphSeriesXY and DisplayValue to grafana/data (#18400) * Explore: Fixes incorrect handling of utc in timeEpic (#18386) * Postgres: Add support for scram sha 256 authentication (#18397) * Update behind_proxy.md with linkback to nginx.com (#18150) * Do not set SameSite for OAuth cookie if cookie_samesite is None (#18392) * Gauge/BarGauge: Rewrite of how migrations are applied (#18375) * MSSQL: Change connectionstring to URL format to fix using passwords with semicolon (#18384) * CloudWatch: Fix alerting for queries with Id (using GetMetricData) (#17899) * Chore: Update strictNullChecks error limit (#18387) * Chore: Fixes some strict errors (#18381) * Graph: Improved graph tick decimals logic arround significant digits (#18370) * CI: Added metric to track strict null erros (#18379) * Auth: Do not search for the user twice (#18366) * grafana/toolkit: improve CI task (#18189) * Alerting: Also include configured AlertRuleTags in Webhooks (#18233) * Loki: Apply start parameter to speed up test query (#18266) * Docs: Changelog 6.3.0 beta4 (#18359) * Select: Fixes issue where ToggleButtonGroup overlapped DataSourcePicker in Firefox (#18361) * SignIn: Update redirect on reroute (#18360) * Gauge/BarGauge: Support decimals for min/max toFloatOrUndefined (#18368) * FieldDisplay: Return field defaults when there are no data (#18357) * Auth: introduce more tests for middleware module (#18365) * Docs: updated latest.json (#18363) * LDAP: nitpicks (#18309) * Docs: mention unsupported versions of PostgreSQL (#18307) * Navigation: Fixed double settings menus (#18349) * Build: allow bash to expand the wildcard (#18354) * Gauges: Fixes error when mappings array was undefined (#18353) * Frontend: Fixes progress tracker close button to use `$link-hover-color` (#18352) * Frontend: Fixes hard-coded font-weight properties to use variables (#18350) * LDAP: Align ldap example with the devenv testdata (#18343) * Auth: consistently return same basic auth errors (#18310) * cli: fix for recognizing when in dev mode. (#18334) * QueryEditors: Fixes flakey text edit mode toggle (#18335) * Refactor: use data rather than series in stream callback(#18126) * Keybindings: Disable on login url (#18331) * Fix failing end to end tests job for release (#18323) * Fix OAuth error due to SameSite cookie policy (#18332) * Chore: noImplictAny no errors left (#18303) * [Shortcuts] Fixes shortcuts for moving time range backwards and forwards (#18305) * TablePanel: Remove scroll option on TablePanel (#18318) * Keyboard Shortcuts: Sign in to enable them (#18271) * GitHub Templates: Pull Request Template update (#18300) * Auth Proxy: Include additional headers as part of the cache key (#18298) * grafana/toolkit: support windows paths (#18306) * Chore: noImplicitAny Sub 500 errors (#18287) * Plugins: return a promise for loadPluginCss (#18273) * Utils: avoid calling console.warn() too often for deprecation warnings (#18269) * CLI: Allow installing custom binary plugins (#17551) * Docs: Update link to example app (#18253) * GettingStarted: Skip Query for getting started (#18268) * v6.3.0-beta2 is latest testing (#18283) * Release: Changelog update with v6.3.0-beta2 (#18281) * Chore: Upgrades typescript to version 3.5 (#18263) * docs: team sync (#18239) * SAML: Only show SAML login button on Enterprise version (#18270) * Permissions: Show plugins in nav for non admin users but hide plugin configuration (#18234) * CI: Change target branch in CI task trigger-docs-update (#18255) * Plugins: Include build number and PR in metadata (#18260) * Run End-to-End tests for release builds (#18211) * DataLinks: Fixed interpolation of series name, fixes #18250 (#18251) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18248) * Loki: Remove prefetching of default label values (#18213) * Build: fix use of env vars in parentheses execs (#18249) * TimePicker: Increase max height of quick range dropdown (#18247) * TimePicker: Fixed css issue casued by CSS Optimizer (#18244) * Revert "Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217)" (#18246) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217) * LDAP: improve POSIX support (#18235) * Instrumentation: Add failed notifications metric (#18089) * Docs: update links to sample plugins (#18240) * Build: Removed webpack from default grunt task, fixes #18232 (#18242) * Packages: update package.json files (#18173) * Replaced ubuntu:latest with ubuntu:18.04; specific image version to make grafana build images consistent (#18224) * Build: correct verify script (#18236) * remote_cache: Fix redis connstr parsing (#18204) * Auth: do not expose disabled user disabled status (#18229) * Build: Introduce shellcheck (#18081) * Docs: Update documentation with new SAML features (#18163) * Typo: fix threshodsWithoutKey (#18228) * alerting: more specific error when missing threshold (#18221) * Graph: fix time label description for datalink suggestions (#18214) * Explore: Reduce default time range to last hour (#18212) * alerting: return err when SetAlertState fails to save to sql (#18216) * PhantomJS: Fixes rendering on Debian Buster (#18162) * Docs: sudo is required on the apt-key add not on wget (#18180) * Build: watch and dev mode webpack improvements (#18153) * Plugin: AzureMonitor - Reapply MetricNamespace support (#17282) * Refactor: move end-to-end test infrastructure to @grafana/toolkit (#18012) * SAML: add auth provider label (#18197) * Plugins: avoid app importDashboards() NPE (#18128) * Plugins: fix previous commit, output "build" property in json * SAML: add metrics (#18194) * Plugins: add build info to plugin metadata (#18164) * datasource: testdata - add predicatable csv wave scenario (#18183) * Docs: SAML idp_metadata_url option (#18181) * Panel: Show error in edit mode (#18175) * E2E: saving a dashboard should wait for success (#18171) * @grafana/toolkit: integrate latest improvements (#18168) * Build: change definition of the vars in makefile (#18151) * noImplicitAny: Down approx 200 errors (#18143) * datasource: testdata - add predictable pulse scenario (#18142) * Minor 6.3.0 beta1 changes (#18048) * Docs: SAML (#18069) * Docs: prioritize use of `make run` to `bra` (#18154) * Fix provision alerts generation script (#18145) * SQLStore: use bscl pointer instead of string (#18111) * Registry: add a reusable function registry (#17047) * grafana/toolkit: test improvements and show stats (#18137, #18138) * Metrics: use consistent naming for exported variables (#18134) * Build: copy .browserslistrc to node build container (#18141) * @grafana/toolkit: HtmlWebpackPlugin when in watch mode (#18130) * update yarn.lock (#18125) * grafana/toolkit: prettier and lint fix in dev mode (#18131) * Chore: Fix about 200 noImplicitAny errors (#18067) * Build: allow dynamically change docker image (#18112) * grafana/toolkit: update the way config is being passed to jest cli (#18115) * Build: detect changes to packages based on the git diff (#18118) * Build: Release packages under next tag when changes detected on master (#18062) * SQLStore: allow to look for `is_disabled` flag (#18032) * Metrics: add LDAP active sync summary metric (#18079) * Docs: correct issue_triage.md texts * ValuMapping: start with some values (#18092) * Docs: Simplify download links & instructions and make download link clearer (#18090) * FieldDisplay: move threshold and mapping to Field (#17043) * InfluxDB: Enable interpolation within ad-hoc filter values for InfluxDB data source (#18077) * Docs: Move data links down (#18072) * grafana/toolkit: improve CircleCI integration (#18071) * Build: consistently reference go binary (#18059) * devenv: Fix typo in nginix docker for mac (#18068) * noImplicitAny: 1670 errors (#18035) * Add missing pull requests to Changelog (#18061) * provisioning: escape literal '$' with '$$' to avoid interpolation (#18045) * grafana/toolkit: improve CircleCI stubs (#17995) * Docs: clarify the ttl units (#18039) * Update docs readme for running MySQL/Postgres tests * Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905) * Chore: upgrade node-sass to 4.12.0 (#18052) * API: Minor fix for nil pointer when trying to log error during creating new dashboard via the API (#18003) * Chore: update lodash (#18055) * Update latest.json (#18043) * Update Changelog (#18042) * Chore: bump master version number to 6.4.0-pre * Explore/Loki: Display live tailed logs in correct order (#18031) * Fix unused variable errors (#18030) * Docs: First draft of whats new in 6.3 (#17962) * Packages: create shared tsconfig.json (#18010) * CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) * LDAP: Adds bind before searching LDAP for non-login cases. (#18023) * Users: show badges for each auth provider (#17869) * Loki: Don't use _ numerical separator (#18016) * grafana-cli: allow installing plugins from a local zip file (#18021) * grafana/toolkit: Copy or extract static files (#18006) * Packages: Use lerna for release orchestration (#17985) * AnnoList: add alpha annotations list plugin (#17187) * grafana/toolkit: Use babel-plugin-angularjs-annotate (#18005) * CSV Export: Timezone based on dashboard setting (#18002) * LDAP: Adds back support for single bind. (#17999) * Reducers: consistent result for first/last reducer shortcut (#17911) * SAML: Show SAML login button even if OAuth is disabled (#17993) * Fix: Break redirect loop if oauth_auto_login = true and OAuth login fails (#17974) * Refactor: fix range util imports (#17988) * Refactor: move dom utils to @grafana/ui (#17976) * Docs: Documents new features available with Loki data source in Explore (#17984) * Prometheus: added time range filter to series labels query (#16851) * Explore: Adds support for new loki 'start' and 'end' params for labels endpoint (#17512) * Chore: Removes custom debounce utility in favor of lodash/debounce (#17977) * Api: Fix auth tokens returning wrong seenAt value (#17980) * Refactor: move more files to @grafana/data (#17972) * @grafana/data: export dateMath and rangeUtil (#17971) * Refactor: move some files to @grafana/data (#17952) * noImplicitAny: Azure Monitor (#17966) * grafana/toolkit: initial CI task and various small improvements (#17914) * First version of prettier checks in toolkit (#17964) * LDAP: finishing touches (#17945) * Graphite: Refactor lexer and parser (#17958) * noImplicitAny: Datasource files, under 2500 (#17959) * Auth: saml enabled check. (#17960) * Auth: SAML login button. (#17932) * grafana/toolkit: Add support for extensions styling (#17938) * Datasource: Refactor Graphite to class (#17942) * SAML: Configuration defaults, examples and dependencies (#17954) * OAuth: deny login for disabled users (#17957) * Build: Adds pre-commit check that fails if node versions are not synced (#17820) * Docs: minor ha-setup edit (#17950) * Docs: Added very basic docs about revoking user sessions (#17931) * Docs: Updates documentation regarding logs integration in Explore (#17896) * noImplicitAnys: Fix InfluxDB type issues #17937) * TimePicker: align position between dashboard and explore (#17940) * AzureMonitor: remove duplicate query logic on the frontend (#17198) * UserProfilePage: Fix team avatar urls #17866 (#17930) * Explore: Introduces storage keys for last used data source on per-orgId basis (#17934) * Docs: added version notice to new ldap feature docs (#17929) * Explore: Restricts query text edit toggle to metrics mode (#17921) * grafana/runtime: Expose SystemJS from @grafana/runtime (#17927) * Templating: Correctly display __text in multi-values variable after refresh (#17918) * grafana/toolkit: bundle plugins with webpack (#17850) * Explore: Adds orgId to URL for sharing purposes (#17895) * grafana/toolkit: copy sass files (#17888) * ChangePassword: Rewrite change password page to react (#17811) * AngularPanels: Fixed loading state indication for angular panels (#17900) * Explore: Adds support for toggling text edit mode in explore (#17870) * LDAP: Divide the requests (#17885) * Build: fixes missing shebang in release tagging script. (#17894) * Teams: show proper label for each auth provider (#17860) * Logging: Login and Logout logging actions (#17760) (#17883) * Loki: Adds comment explaining usage of RFC3339Nano string (#17872) * Explore: Query rows are now reset when changing data sources (#17865) * Codestyle: add guidelines for removing the m alias for models (#17890) * Docs: How to work with themes (#17876) * Docs: Fix developing plugins index page (#17877) * StatsPicker: Fix multiple value input layout etc. (#17827) * Chore: Build grafana-cli when running bra run (#17788) * Build: use golangci-lint as a make command (#17739) * Explore:??Log highlights only update when user stops typing (#17845) * Loki: getHighlighterExpressionsFromQuery Returns null if filter term is not quoted (#17852) * Docs upgrading deps (#17657) * Testing: Include BatchRevoke for all tokens in the fake. (#17728) * Refactor: rename SeriesData to DataFrame (#17854) * devenv: switch OpenTSDB docker block (#17849) * Devenv:LDAP: couple simplifications for LDAP (#17807) * Login: divide login errors by pkg and service (#17835) * Auth Proxy: Respect auto_sign_up setting (#17843) * OAuth: return github teams as a part of user info (enable team sync) (#17797) * noImplicitAny: Sub 3000 errors (#17821) * TimePicker: Style and responsive fixes, restored dashboard settings (#17822) * Templating: Correctly display __text in multi-values variable (#17840) * Elasticsearch: Fix default max concurrent shard requests (#17770) * Explore: Fix filter by series level in logs graph (#17798) * Docs: Add v6.3 version notes and encryption format information (#17825) * Graphite: use POST for /metrics/find requests (#17814) * Dashboard: Force update after dashboard resize (#17808) * Toolkit: moved front end cli scripts to separate package and introduced very early version of plugin tools * Explore: Uses new TimePicker from Grafana/UI (#17793) * Explore: Uses RFC3339Nano string to retrieve LogRow contexts from Loki API (#17813) * noImplicitAny: Lower count to about 3450 (#17799) * Graphite: Fixes issue with seriesByTag & function with variable param (#17795) * noImplicitAny: Reduce errors to 3800-ish (#17781) * Graphite: remove feature that moves alias function last (#17791) * Explore: Adds URL support for select mode (#17755) * TestData: add option to increase the number of test streams (#17789) * Usage Stats: Update known datasource plugins (#17787) * Docs: Adds section on Querying Logs for Elasticsearch (#17730) * Docs: Adds section on Querying Logs for InfluxDB (#17726) * Devenv: makes the grafana users default for saml. (#17782) * Explore: Displays only one Time column as configured in TimeZone settings (#17775) * Markdown: Replace rendering library (#17686) * ApiKeys: Fix check for UTC timezone (#17776) * Prometheus: Minor style fix (#17773) * Docs: fixed notifications table * Auth: Allow expiration of API keys (#17678) * 17278 prometheus step align utc (#17477) * Docs: Update release guide (#17759) * release: update latest.json to v6.2.5 (#17767) * release: 6.2.5 changelog (#17766) * Fix typo s/Applicaiton/Application/ in error messages (#17765) * UserAdmin: UI for disabling users (#17333) * API: get list of users with additional auth info (#17305) * TimePicker: fixed minor issues with new timepicker (#17756) * Explore: Parses and updates TimeSrv in one place in Explore (#17677) * @grafana/ui: release (#17754) * Password: Remove PasswordStrength (#17750) * Devenv:SAML: devenv block with saml test app (#17733) * LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689) * Graph: Add data links feature (click on graph) (#17267) * Explore: Changes LogsContainer from a PureComponent to a Component (#17741) * Chore: Remove tether and tether drop dependency in grafana/ui (#17745) * noImplicitAny: time region manager etc. (#17729) * Panel: Fully escape html in drilldown links (was only sanitized before) (#17731) * Alerting: Improve alert rule testing (#16286) * Elasticsearch: Visualize logs in Explore (#17605) * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695) * Add guidelines for SQL date comparisons (#17732) * Docs: clarified usage of go get and go mod (#17637) * Project: Issue triage doc improvement (#17709) * Improvement: Grafana release process minor improvements (#17661) * TimePicker: New time picker dropdown & custom range UI (#16811) * RemoteCache: redis connection string parsing test (#17702) * Fix link in pkg/README (#17714) * Dashboard: Use Explore's Prometheus editor in dashboard panel edit (#15364) * Settings: Fix typo in defaults.ini (#17707) * Project: Adds a security policy (#17698) * Project: Adds support resource docs (#17699) * Document issue triage process (#17669) * noImplicitAny: slate (#17681) * config: fix connstr for remote_cache (#17675) * Explore: Improves performance of Logs element by limiting re-rendering (#17685) * Docs: Flag serve_from_sub_path as available in 6.3 (#17674) * @grafana/runtime: expose config and loadPluginCss (#17655) * noImplicitAny: Fix basic errors (#17668) * Docs: Update readme to reference correct repo (#17666) * LDAP: small improvements to various LDAP parts (#17662) * Chore: Fix noImplicitAny issues (#17636) * AddPanel: Fix issue when removing moved add panel widget (#17659) * TablePanel: fix annotations display (#17646) * middleware: fix Strict-Transport-Security header (#17644) * Build: add @grafana/data package (#17436) * Update latest.json for 6.2.4 * Update latest.json for 6.2.3 * Update the changelog with v6.2.4 information * Build: Updates node image for e2e job (#17632) * Explore: Prometheus query errors now show (#17470) * Chore: Lowered implicit anys limit to 4599 (#17631) * noImplicitAny: SingleStat panel (#17616) * Build: Update node image for test-frontend job step (#17628) * grafana-cli: Fix receiving flags via command line (#17617) * Typescript: Removes implicit anys (#17625) * Explore: Removes minus button in adhoc query field (#17573) * Correct 6.2.3 release date (#17624) * codestyle: styleguide and arch for grafanas backend (#17545) * JsonTree: fix jsonTree angular binding (#17608) * HTTPServer: Fix X-XSS-Protection header formatting (#17620) * Changelog: Add known issues for v6.2.3 (#17615) * Update the changelog with v6.2.3 information (#17612) * Refactor buttons (#17611) * Tests: Replaces e2e tests truth screenshot (#17609) * cli: grafana-cli should receive flags from the command line (#17606) * AppPlugin: Fix load legacy plugin app (#17574) * Typescript: A batch of implicit any fixes (#17590) * RefreshPicker: Handle empty intervals (#17585) * Docker: Switch base to ubuntu:latest (#17066) * SQLStore: extend `user.SearchUsers` method (#17514) * Explore: Tag and Values for Influx are filtered by the selected measurement (#17539) * ldap: makes mocks available for testing. (#17576) * Devenv: Add nginx proxy for mac (#17572) * Graph: Added new fill gradient option (#17528) * Typescript: Reduce implicit any errors (#17550) * SinglestatPanel: Manages when getColorForValue() function returns null value. Closes #9747 (#17552) * LDAP: refactoring (#17479) * Elasticsearch: Fix empty query request to send properly (#17488) * SinglestatPanel: fix min/max config in singlestat sparklines (#17543) * AuthProxy: Optimistic lock pattern for remote cache Set (#17485) * Explore: Includes context parameter when invoking getExploreState() from Prometheus datasource (#17569) * Tests: Replaces truth image (#17570) * Fix: Fixes merge conflict (#17568) * Build: Fix failing e2e tests and implicit any check (#17567) * Explore: Fixes implicit any error in AdHocFilterField.test.tsx (#17565) * Fix so that correct cache is provided to di registry (#17566) * Build: Upgrades to golang 1.12.6 (#17542) * Explore: Adds ability to remove filter from key dropdown (#17553) * codestyle: moves cache to infra (#17519) * Docs feedback: installation/debian.md (#17563) * Chore: Lowered implicit anys limit to 5131 (#17562) * Influx: Reset logs query field on clear all and clear row in explore (#17549) * Devenv: Add telegraf with log parsing to influxdb docker block (#17546) * Explore: Runs query when measurement/field and pairs are selected in logs mode for influx (#17523) * Influx: Adds start page for logs in Explore (#17521) * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541) * middleware: add security related HTTP(S) response headers (#17522) * Docs: Clarifies from which version the Patch VERB is available (#17532) * Chore: Hugo upgrade (#17494) * Codestyle: Fix some goconst issues (#17530) * Docs: Adds clarification to the provider name for provisioned dashboards (#17524) * Singlestat: Add y min/max config to singlestat sparklines (#17527) * Explore: Clear queries when switching between metrics and logs (#17505) * 16223 user auth token list and revoke (#17434) * Feature: Parse user agent string in user auth token api response (#16??? (#17504) * Tests: Adds better logging to e2e tests (#17511) * Codestyle: Add typecheck and unused linters (#17491) * Docs: Add CircleCI step trigger-docs-update (#17481) * remote_cache: Fix redis (#17483) * auth_proxy: non-negative cache TTL (#17495) * Explore: Adds LogQueryField for InfluxDb (#17450) * sqlstore: clean quota and user_auth_tokens when removing users (#17487) * Prometheus: Preallocate data for Prometheus backend response parsing (#17490) * Docs: Fix a typo in Elasticsearch docs (#17492) * gtime: some code style refactoring (#17369) * Build: make bra a local dependency (#17414) * Add tests for multildap (#17358) * RefreshPicker: SetInterval comments to rxjs code added (#17404) * metrics: expose stats about roles as metrics (#17469) * Explore: Handle newlines in LogRow Highlighter (#17425) * Alerting: Add tags to alert rules (#10989) * Config: Add comment before log_queries in sample ini file (#17462) * CLI: Search perf test data (#17422) * Prometheus: Use overridden panel range as $_range instead of dashboard range (#17352) * Update latest (#17456) * NavModel: Fixed page header ui tabs issues for some admin pages (#17444) * Update changelog for 6.2.2 (#17452) * PluginConfig: Fixed plugin config page navigation when using subpath (#17364) * Tracing: allow propagation with Zipkin headers (#17009) * Perf: Fix slow dashboards ACL query (#17427) * Explore: Fixes crash when parsing date math string with whitespace (#17446) * Cloudwatch: Add AWS DocDB metrics (#17241) * Provisioning: Support folder that doesn't exist yet in dashboard provisioning (#17407) * Codestyle: Fix govet issues (#17178) * @grafana/runtime: expose location update (#17428) * Fix: Adds context to list of keys that are not part of query (#17423) * Prometheus: Correctly escape '|' literals in interpolated PromQL variables (#16932) * Explore: Makes it possible to use a different query field per mode (#17395) * DataSourceApi: remove ExploreDataSourceApi (#17424) * Fix: change angular loader paths (#17421) * Build: specify build flag for `docker-compose up` (#17411) * Add a @grafana/runtime package with backendSrv interface (#16533) * Database: Initialize xorm with an empty schema for postgres (#17357) * docs: configuring custom headers in the dataproxy (#17367) * Explore: Queries the datasource once per run query and uses DataStreamObserver (#17263) * Feature: Adds redux action logging toggle from url params (#17368) * Build: Adds e2e tests back to master workflow with better error messages and with artifacts (#17374) * Explore: Handle datasources with long names better in ds picker (#17393) * Annotations: Improve annotation option tooltips (#17384) * InfluxDB: Fixes single quotes are not escaped (#17398) * Chore: Bump axios to 0.19.0 (#17403) * Alerting: golint fixes for alerting (#17246) * Batch disable users (#17254) * Chore: Remove unused properties in explore (#17359) * MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros (#13086) * Security: Prevent csv formula injection attack (#17363) * LDAP: remove unused function (#17351) * Enterprise: remove gofakeit dep (#17344) * Explore: Update time range before running queries (#17349) * Build(package.json): improve npm commands (#17022) * Chore: upgrade webpack analyser (#17340) * NewDataSourcePage: Add Grafana Cloud link (#17324) * CloudWatch: Avoid exception while accessing results (#17283) * Build: ignore absence of docker-compose (#17331) * Build(makefile): improve error handling (#17281) * adds auth example for the cli cherrypick task (#17307) * docs: remove my email from docs examples (#17325) * 16365 change clashing variable names (#17140) * Frontend/SeriesData: Fix for convert SeriesData to Table format (#17314) * Frontend/utils: Import has only from lodash (#17311) * Frontend/utils: Add missing type (#17312) * update v6.2-beta1 changelog with missing pr (#17308) * explore: don't parse log levels if provided by field or label (#17180) * HTTP Server: Serve Grafana with a custom URL path prefix (#17048) * update latest.json to latest stable version (#17306) * release: v6.2.1 changelog update (#17303) * Build: Removes e2e-tests from Grafana master workflow (#17301) * Build(devenv): correct the context issue (#17291) * Build: Enables end-to-end tests in build-master workflow (#17268) * Gauge/BarGauge: font size improvements (#17292) * Chore: Update jquery to 3.4.1 in grafana ui (#17295) * CLI: Add command to migrate all datasources to use encrypted password fields (#17118) * Auth Proxy: Log any error in middleware (#17275) * devenv: metricbeat and kibana for elasticsearch 7 block (#17262) * LDAP: reduce API and allow its extension (#17209) * database: retry transaction if sqlite returns database is locked error (#17276) * Tech: Update jQuery to 3.4.1 (#17290) * fix typo in basic_concepts.md (#17285) * Feature: do dev environment via makefile (#17136) * devenv: adds auth proxy load test (#17271) * Table: various minor fixes (alpha panel) (#17258) * Singlestat: fixes issue with value placement and line wraps (#17249) * Devenv: Update Graphite port in dev datasources (#17255) * Chore: bump grafana-ui version (#17256) * Release: Updated latest.json * Auth: Logout disabled user (#17166) * docs: fixes typo in provisioning docs (#17248) * CloudWatch: Made region visible for AWS Cloudwatch Expressions (#17243) * Panel: Pass transparency prop down to React panels. (#17235) * Build: Fix filter for building msi during release (#17236) * DataSourcePlugin: Avoid anuglar injector if only one parameter (#17239) * Alerting: Support for configuring content field for Discord alert notifier (#17017) * Explore: Update the way Loki retrieve log context (#17204) * Docs: Fix grammar in docs (#17233) * LDAP: consistently name the LDAP entities (#17203) * Panels: Show Drilldown links in top-left corner of custom React panels (#17142) * Build: Fix final prompt for @grafana/ui npm publish confirmation * Docs: Updated versions selector * Docs: Example for multiple LDAP servers (#17216) * Release: Updated changelog * Release: updated changelog with v6.2 entries (#17201) * Search: removed old not working search shortcuts (#17226) * azuremonitor: revert to clearing chained dropdowns (#17212) * Search: changed how search filter on current folder works (#17219) * AzureMonitor: docs for multiple subscriptions (#17194) * Defer closing of files (#17213) * Docs: Add guidelines for PR/commit messages (#17190) * Users: Disable users removed from LDAP (#16820) * docs: what's new in v6.2 fixes (#17193) * DataSourceMeta: add an option to get hidden queries (#17124) * Panel: Apply option defaults on panel init and on save model retrieval (#17174) * BarGauge: Fix for negative min values (#17192) * Azuremonitor: multiple subscription support for alerting (#17195) * AppPlugin: add types for jsonData (#17177) * MSI: Generate sha256sum during MSI build process in circleci (#17120) * explore: fix null checks (#17191) * Fix: Fixes so new data is pushed during live tailing (#17189) * testdata: logs scenario (#17182) * testdata: scenarios returned are now sorted in a consistent way (#17181) * TablePanel: Check for table using keys (#17185) * Fix gosimple issues (#17179) * AppPlugin: add an init function (#17150) * Fix: Changes WebSocket protocol to wss:// for https (#17173) * alerting: golint fixes for alert notifiers. (#17167) * LDAP: add tests for initialBind (#17132) * Explore: Adds Live option for supported datasources (#17062) * alerting: fix a bunch of lint issues. (#17128) * chore: mocks plugin loader for DataSourceSettingsPage tests (#17157) * Release: Improved cherry pick task (#17087) * Explore: Fix selection/copy of log lines (#17121) * Explore: Fix empty space in toolbar on smaller devices (#17110) * Explore: display log line context (#17097) * Plugins: expose rxjs matching 6.4.0 (#17148) * Chore: fix codespell issue with build (#17144) * Feature: LDAP refactoring (#16950) * explore: fix issues when loading and both graph/table are collapsed (#17113) * explore: make sure datasource is added to target (#17116) * Fix: tighten revive exit code & make it happy (#17127) * GraphPanel: Don't sort series when legend table & sort column is not visible (#17095) * Chore: Update grafana-ui version to 6.2.0-alpha.0 (#17109) * add support for periodically reloading mysql client certs (#14892) * Chore: Deduplicate sqlstore transaction code (#17069) * Alertmanager: Replace illegal chars with underscore in label names (#17002) * Adjusted documentation for gcs to reflect the code (#16947) * fix: Initial url update in Explore should replace existing url history #17030 (#17061) * Explore: Allow switching between metrics and logs (#16959) * Chore: explore possibilities of using makefile (#17039) * Chore: Bump jest to 24.8.0 (#17094) * Chore: Bump ts-node to 8.1.0 (#17093) * Release: Updated changelog * backend: replace /pkg/errors with errutil (#17065) * Explore: Fixes filtering in Prometheus queries when clicking in Table (#17083) * Remotecache: Avoid race condition in Set causing error on insert. (#17082) * Build: Support publishing MSI to grafana.com (#17073) * InputDataSource: better empty value support (#17075) * Panels: Fixed alert icon position in panel header (#17070) * GraphPanel: use SeriesData directly (skip legacy transformation) (#17037) * Streaming: support streaming in MetricsPanelCtrl (#17034) * Gauge: Fix switching orientation issue when switching from BarGauge to Gauge (#17064) * serverlock: run tests async should be more linear time wise (#17059) * InfoPopover: Fixes transclude undefined error (#17063) * Dashboard: Fixes lazy loading & expanding collapsed rows on mobile (#17055) * fix: Azure Monitor adds missing closing div tag to query editor (#17057) * Chore: Use executable dir instead of pwd in CLI for isDev check (#16974) * Search: Set element height to 100% to avoid Chrome 74's overflow (#17054) * Docs: adds note about removing session storage (#17003) * Chore: remove use of `== false` (#17036) * Explore: use @grafana/ui legend (#17027) * tech: avoid alias for importing models in alerting (#17041) * DataSourcePlugin: support custom tabs (#16859) * Dashboard: Fixes scrolling issues for Edge browser (#17033) * SeriesData: remove color from Field (#17044) * chore: remove x character in explore * Dashboard: show refresh button in kiosk mode (#17032) * Devenv: Updated gauge test dashboard * Chore: reintroduce gosec (#17021) * Gauge: tweaks to background color and height usage (#17019) * Feature: provide multildap server configuration (#16914) * (feat/explore): Support for new LogQL filtering syntax (#16674) * fix(explore): Prevent double querying for Prometheus and Loki (#17004) * Chore: No implict any fixes (#17020) * move log package to /infra (#17023) * Chore: Lowered implicit anys limit to 5386 * Chore: Updated snapshot * Select: Fixed isOpen issue * Chore: Typescript no-implicit any fixes progress (#17018) * GraphPanel: show results for all SeriesData (#16966) * Fix: Wrap value of multi variable in array when coming from URL (#16992) * GettingStarted: add key and remove ng-class (#17007) * explore: add some extra time for angular query editors to update query (#16955) * Explore: Align Explore with Dashboards and Panels (#16823) * Explore: Fix empty result from datasource should render logs container (#16999) * Explore: Fixes zoom exception in Loki/Graph (#16991) * PanelEditor: Fix queries tab now showing, wrong skipDataQuery logic (#16994) * DataSourceApi: convert interface to abstract class (#16979) * Panels: Fixed error panel tooltip (#16993) * Docker: Prevent a permission denied error when writing files to the default provisioning directory (#16831) * Notification: attempt to send notifications to all given email addresses (#16881) * GettingStarted: convert to react panel plugin (#16985) * Plugins: Remove dataFormats key and add skipDataQuery (#16984) * AlertList: removed icon * MetricsPanelCtrl: use shared queryRunner to support query execution (#16659) * TableData: support name (#16983) * Changelog: Typo guage -> gauge (#16982) * TestData: stream via fetch (#16963) * plugins: fix how datemath utils are exposed to plugins (#16976) * NewDataSource: Updated page header title * fix(prometheus): issue with click label to filter for recording rules in Explore * Explore: Removes Promise.All from runQueries thunk (#16957) * Chore: Add prometheus basic auth proxy (#16882) * Snapshot: use given key and deleteKey (#16876) * DataSourcePlugins: more generics improvements (#16965) * AddDataSource: Updated page design & categories (#16971) * Templating: Support selecting all filtered values of multi-value variable (#16873) * Chore: Add Input stories (#16897) * FieldDisplay: Don't use group ui elements in field editors (#16953) * GettingStarted: Fixes layout issues, fixes #16926 (#16941) * PanelModel: Fix crash after window resize, fixes #16933 (#16942) * Singlestat: fixed centering issue for very small panels (#16944) * Tests: Adds end-to-end tests skeleton and basic smoke test scenario (#16901) * Chore: Replaces moment with Grafanas DateTime (#16919) * InfluxDB: Fix HTTP method should default to GET (#16949) * Chore: Skip unnecessary checks on pre commit (#16946) * http: remove dualstack since its deprecated (#16940) * devenv: add slow reverse proxy (#16943) * AppPlugin: Menu Edit Url Fix (#16934) * DataSource Plugins: consistent generics order (#16936) * Plugins: update beta notice style (#16928) * Chore: update version number for 6.3 (#16927) * Plugins: Support templated urls in routes (#16599) * changelog: add 5.4.4 release * docs: add download link to what's new in v6.2 * update changelog * Update changelog for 6.2.0-beta1 * AzureMonitor: adds support for multiple subscriptions per datasource (#16922) * docs: what's new in v6.2 (#16909) * Chore: ban importing from @grafana/ui in grafana ui files (#16920) * BarGauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes (#16918) * alerting: no notification when going from nodata -> pending (#16905) * rpm: start grafana after mysqld process (#16917) * Build: fix failing grafana/ui build (#16913) * BarGauge: Updated test dashboards and threshold fix (#16911) * PanelModel: Clear queryRunner on destroy (#16906) * Panels: No title will no longer make panel header take up space (#16884) * Elasticsearch: Fix pre-v7.0 and alerting error (#16904) * Gauge: Better handling of gauge repeat title (#16886) * Refactor: move datemath to grafana/ui (#16890) * PanelQueryState: check for existing running query (#16894) * devenv: add alert list panel (#16896) * Security: Add new setting allow_embedding (#16853) * build: fix integer overflow in pkg/tsdb tests on 32bit platforms (#16818) * Security: Responses from backend should not be cached (#16848) * Alert: Support variables in Alert List filters (#12583) (#16892) * Chore: Lowered implicit anys limit to 5617 * FieldDisplay: shared options model for singlestat panels (#16703) * Refactor: rename statsCalculator to fieldReducer (#16867) * PanelModel: expose isInView property to PanelModel (#16877) * CSV: escape quotes in toCSV (#16874) * Dashboard: Lazy load out of view panels (#15554) * LDAP: Added reload endpoint for LDAP config (#15470) * PluginsList: Removed icons and updated snapshots (#16872) * Panels: Fixed issue with panel type change and data updates (#16871) * Chore: fix modes for non-executable files (#16864) * DataSourceSettings: Minor fix for uncontrolled input (#16863) * Chore: Lowered implicit anys limit to 5623 * TestData: Add dashboards to testdata (#16855) * Input Datasource: convert from angular config to react ConfigEditor (#16856) * DataSources: minor typescript cleanups and comments (#16860) * TestDataDatasource: Add config editor (#16861) * App Plugins: support react pages and tabs (#16586) * Add Windows MSI generation to build process (#16502) * Datasources: add support for POST HTTP verb for InfluxDB (#16690) * Add pattern validation in configs (#16837) * Search: Enable filtering dashboards in search by current folder (#16790) * FormLabel: allow any rather than just a string for tooltip (#16841) * prometheus: fix regression after adding support for tracing headers (#16829) * area/circleci: Speed up circleci build process for branches and pr (#16778) * DataProxy: Restore Set-Cookie header after proxy request (#16838) * docs: clarify page parameter version support for folder/dashboard search (#16836) * Chore: revise some of the gosec rules (#16713) * Refactor: consistant plugin/meta usage (#16834) * Explore: Use SeriesData format for loki/logs (#16793) * Refactor: move NavModel to @grafana/ui (#16813) * Auth: Enable retries and transaction for some db calls for auth tokens (#16785) * Provisioning: Show file path of provisioning file in save/delete dialogs (#16706) * Add tracing headers for prometheus datasource (#16724) * Config: Fixes bug where timeouts for alerting was not parsed correctly (#16784) * build: removes gopkg files from dev docker file (#16817) * Provisioning: Trying to fix failing test (#16800) * Table: React table fix rotate support in storybsck (#16816) * TestData: add log level in dummy message (#16815) * removes gopkg.lock from root folder * Explore: Support user timezone (#16469) * Plugins: rename vizPlugin to panelPlugin (#16802) * Plugins: move app/feature/plugin properties into PluginMeta (#16809) * Plugins: move PanelPluginMeta to grafana/ui (#16804) * Plugins: move datasource specific meta out of the main meta type (#16803) * updates changelog for 6.1.6 * Fix: Fetch histogram series from other api route (#16768) * phantomjs: set web-security to true * Chore: Lowered implicit anys limit to 5668 * build: restore postgres integration tests (#16801) * docs: explain correct access control model of GCS buckets (#16792) * Chore: Fixed no implicit any Typescript errors (#16799) * Feature: introduce LdapActiveSyncEnabled setting (#16787) * Plugins: ReactPanelPlugin to VizPanelPlugin (#16779) * UX: Improve Grafana usage for smaller screens (#16783) * ThresholdEditor: Minor style fix for smaller screens (#16791) * Build: Use isolated modules for ts-jest (#16786) * LDAP Refactoring to support syncronizing more than one user at a time. (#16705) * build: removes unused vendored files * (fix/explore): remove vertical-align looks better for long logs (#16736) * Chore: bump jQuery to 3.4.0 in grafana/ui (#16781) * Devenv: Updated home dashboard and added new influxdb test dashboard * Chore: Lowered implicit anys limit to 5946 * RefreshPicker: minor design update (#16774) * Streaming: support streaming and a javascript test datasource (#16729) * GraphLegendEditor: use stats picker rather than switches (#16759) * Feature: add cron setting for the ldap settings (#16673) * Build: Disables gosec until identified performance problems (#16764) * Chore: bump jQuery to 3.4.0 including prototype pollution vulnerability fix (#16761) * elasticsearch: add 7.x version support (#16646) * Provisioning: Add API endpoint to reload provisioning configs (#16579) * Config: Show user-friendly error message instead of stack trace (#16564) * Chore: Lowered implicit anys limit to 5954 * Feature: Enable React based options editors for Datasource plugins (#16748) * sqlstore: use column name in order by (#16583) * user friendly guide (#16743) * Provisioning: Interpolate env vars in provisioning files (#16499) * admin: add more stats about roles (#16667) * Feature: Migrate Legend components to grafana/ui (#16468) * playlist: fix loading dashboards by tag (#16727) * CloudWatch: Use default alias if there is no alias for metrics (#16732) * Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559) * Refactor: Make SelectOptionItem a generic type to enable select value typing (#16718) * docs: fix upgrade instructions * Chore: Small improvements to grafana-cli (#16670) * Chore: Use x/xerrors instead of pkg/errors (#16668) * Chore: a bit of spring cleaning (#16710) * Fixes #15863 (#16684) * Docs: Update notification services (#16657) * PanelQueryRunner: add datasource name to queries (#16712) * Chore: remove session storage references (#16445) * Dashboard: Minor settings UI Update (#16669) * Templating: Do not copy hide option (#16696) * Docs: Fix advanced variable formatting examples (#16691) * QueryEditors: pass PanelData and filtered PanelData to each editor (#16692) * Chore: remove extra logging (#16688) * DashboardSrv: export getDashboardSrv to react (#16687) * Refactor: split PanelQueryRunner into runner and state (#16685) * Docs: Googlechat provisioning config example (#16682) * TestDataDatasource: add the query refId to each result * AppPlugin: avoid app plugin navigation slowness (#16675) * Refactor: improvements to PanelQueryRunner (#16678) * Refactor: move getQueryRunner() to PanelModel (#16679) * Docs: initial backend plugins development guide (#16631) * build: remove dep config files since they are not used anymore * Fix typo in PULL_REQUEST_TEMPLATE.md * refactor: move timeInfo to DataRequestInfo (#16664) * QueryRunner: Move queryRunner to panelModel (#16656) * PanelQueryRunner: move error handling to QueryRunnerOptions (#16654) * refactor: Merge PanelChrome and DataPanel, do query execution in PanelQueryRunner (#16632) * Search: Fixed search issue introduced in recent PR (#16652) * Cloudwatch: fix for flaky tests (#16649) * UI: Remove old icons (#16335) * Search: Fixes search limits and adds a page parameter (#16458) * Chore: Upgrade lodash to v4.17.11 (#16645) * Chore: Lock dependencies (#16644) * tech: replace bmizerany/assert with stretchr/testify (#16625) * Chore: update yarn.lock (#16637) * Panel Plugins: pass query request/response to react panel plugins (#16577) * Explore: Adds logs highlighting in Explore on keypress (#16596) * Build: adding dependency used by extensions (#16622) * TimePicker: Re-add apply button in time picker (#16619) * Chore: refactor auth proxy (#16504) * Docs: updated help for changelog cli task (#16615) * replace dep with go modules (#16017) * Docs: Updated changelog for 6.1.4 * Heatmap: Fixed auto decimals when bucket name is not number but contains dots, fixes #13019 (#16609) * build: partially replace gometalinter with golangci-lint (#16610) * Explore & Dashboard: New Refresh picker (#16505) * Build: Fix missing icon typing (#16601) * Plugins: added missing prop to type * CloudWatch: GetMetricData refactoring & fix label handling (#16383) * Chore: prepare our SQL for cockroach db (#16471) * AppPlugins: fix app support and add an alpha example (#16528) * Switch: made minor styling tweaks to switch to align to 4px grid (#16593) * Docs: minor docs update for old urls * Chore: Add more explicit typing (#16594) * Chore: Lowered implicit anys limit to 5977 * Chore: Adds typings to lodash (#16590) * PanelEditor: Change Queries heading to Query (#16536) * Security: Store datasource passwords encrypted in secureJsonData (#16175) * More development dashboards (#16550) * build: upgrades to golang 1.12.4 (#16545) * Use package libfontconfig1, instead of libfontconfig (#16548) * Adjust Send on all alerts to default label (#16554) * Chore: Lower limit of implicit anys to 6676 * DirectInput: new alpha datasource that lets you enter data via CSV * Plugins: expose getBackendSrv() to plugins (#15268) * DataPanel: Added built-in interval variables to scopedVars (#16556) * TestData: Add minInterval query option * Chore: Remove implicit anys for DashboardModel and tests (#16553) * Pushover alert, support for different sound for OK (#16525) * Chore: Lowered implicit anys limit to 6816 * CloudWatch: Fix template variable expand bug (#16405) * CloudWatch: fix color order (#16408) * Plugins: Unifying alpha state & options for all plugins (#16530) * Revert "Build: Upgrades to go 1.12.3 (#16491)" (#16544) * Annotations: Annotation list style improvements (#16541) * QueryInspector: Now shows error responses (#16514) * Build: Upgrades to go 1.12.3 (#16491) * Build: Update master version number (#16532) * Elasticsearch: Format elasticsearch test dashboard json (#16537) * Update jwt regexp to include = (#16521) * Chore: docs fixes underscore formatting (#16516) * Fix: Pass missing maxDataPoints to query in Explore (#16513) * Fix: Recalculate intervals in Explore on run queries (#16510) * devenv: add elasticsearch v6 filebeat integration (#16493) * devenv: add worldmap panel panels for elasticsearch (#16313) * Plugins: Optionally preload some plugins during frontend app bsct (#15266) * Panels: Add types for DataList and range (#16500) * Chore: Lowered implicit anys limit to 6818 * PanelData: Rename ColumnStats type to FieldStats (#16494) * DataSourceApi: add getCollapsedText(query) to DataSourceApi (#16482) * Graph: Add some typescript types for data (#16484) * Build: Updates goconvey to work on go1.12 (#16483) * Provisioning: Do not allow deletion of provisioned dashboards (#16211) * Chore: lower limit for implicit anys to 6829 * Singlestat-v2/Gauge: Show title when repeating (#16477) * Docs: fix grammar in query hint, tests, and documentation (#16444) * Heatmap: Fix empty graph if panel is too narrow (#16460) * Release: updated latest.json * Docs: Updated changelog * docs: fixes and update current version * Docs: Updated changelog for v6.1.3 * Graph: fixed png rendering with legend to the right (#16463) * Fix: Disables auto open datasource picker on focus (#16398) * add some mock/stub guidelines to testing guideline (#16466) * Feat: Suggestion list in Explore is virtualized (#16342) * Docs: Updated roadmap issue to link to the pinned roadmap issues * Graph: Fixed auto decimals in legend values (#16455) * Styling: Aligned heading (#16456) * add PromQL keyword for adhoc filter (#16426) * Singlestat: Use decimal override when manually specified (#16451) * Graph: follow-up graph decimals fix, #16414 (#16450) * Chore: use remote cache instead of session storage (#16114) * Docs: Minor changelog tweak * Docs: Updated changelog with v6.1.2 release issues * datasource: fix disable query when using mixed datasource (#16409) * Graph: Fixed series legend color for hidden series (#16438) * Templating: Fixed loading React variable query editor (#16439) * Styles: Fixed left menu highlight (#16431) * Fix: remove test artefact (#16411) * Theme: Reworking button styling (#16362) * Graph: Fixed tooltip highlight on white theme (#16429) * BarGauge: Round sizing to avoid float widths * Graph: Allow override decimals to fully override (#16414) * Units: Correctly use the override decimals (#16413) * Docs: Remove broken youtube link in timerange reference (#16415) * BarGauge: Fixed minor margin issue (#16419) * Docs: Updated GitHub PR Template * Bar Gauge: Show tile (series name) & refactorings & tests (#16397) * Fix: align panel padding between sass & js theme (#16404) * Fix: playlist now preserve the correct url query params (#16403) * Fix: Graphite query rendering fix (#16390) * Fix: Query editor toggle edit mode fix (#16394) * Refactor: Plugin exports & data source / panel types (#16364) * Chore: Update lockfile (#16380) * Alerting: Notification channel http api fixes (#16379) * Chore: Add task to find FocusConvey tests (#16381) * CloudWatch: Update AWS/IoT metric and dimensions (#16337) * Fix: Table Panel fix to re-render panel when options are updated (#16376) * Docs: Fix typo in Prometheus documentation (#16369) * build: Fixed incorrect permissions for repo folders in ci-deploy. (#16360) * Docs: remove embedd info about samesite cookie from app, docs only is better * Chore: Lowered error count limit * build: fixes bug in verification script. * Tech: Bump typescript and jest (#16354) * Automation: Updates to yarn cli cherrypick & changelog tasks (#16357) * Feat: Improve embed panel info text (#16344) * Fix: Cloudwatch fix for dimension value (#16356) * build: Script to check that our repos work and what the latest package version is (#16350) * Fix: Autoprefixer is now working (#16351) * Chore: docs updates to what's new for 6.1 (#16346) * build: Fix for renamed package for armv6. * Chore: bump storybsck and add build script (#16340) * Refactor: React Panels to only use SeriesData[] (#16306) * Docs: Suggest add-apt-repository to install APT repos (#16333) * Units: Add angle units, Arc Minutes and Seconds (#16271) * Chore: Lowered implicit any limit to 6850 * Feat: Adds reconnect for failing datasource in Explore (#16226) * docs: improve alert notification channel provisioning (#16262) * Build: Moved the failing appveyor file so we can get green builds in master * Fix: Build report the correct directives before failing (#16312) * Fix: input elements autofill background (#16295) * Fix: Bring back styles on Switch components when checked * Chore: breaks build if certain FrontEnd limits are exceeded (#16301) * Fix: Graphite query ast to string fix (#16297) * Fix: Template query editor this bind exception fix (#16299) * Fix: Alerting Notification channel http api fixes (#16288) * Refactor: Move LogLevel and Labels utils to @grafana/ui (#16285) * Refactor: Rename Tags to Labels in SeriesData (simple) (#16284) * Elasticsearch: Fix view percentiles metric in table without date histogram (#15686) * Configuration: Improve session_lifetime comments (#16238) * Alerting: Makes timeouts and retries configurable (#16259) * Fix: Correct SnapshotData typing (#16279) * Feat: Angular panels & SeriesData to Table/TimeSeries (#16266) * Fix: React Graph & Show message on no data (#16278) * Feature: added actionable message in Explore when no datasource configured (#16252) * Feature: Case insensitive Loki search (#15948) * Feat: Singlestat panel react progress & refactorings (#16039) * Chore: Implement gosec (#16261) * Fix: Updated snapshot unit test that was failing * Refactor: Theme & Removed the last rems (#16245) * Refactor: Theme input padding variables (#16048) * Feat: More robust csv support (#16170) * Docs: Fix rpm dependencies example (#16272) * Fix: HTML meta tags fix for iOS (#16269) * Feature: Introduced CallToActionCard to @grafana/ui (#16237) * Refactor: Rename TimeSeriesVM to GraphSeriesXY (#16216) * Chore: Implement revive (#16200) * InfluxDB: Fix tag names with periods in alerting (#16255) * Fix: Table Panel and string values & numeric formatting (#16249) * Tech: Patch lib updates, update yarn.lock (#16250) * Chore: docs whats new article for the 6.1 release (#16251) * Chore: Storybsck improvements (#16239) * Feat: Introduce Button and LinkButton components to @grafana/ui (#16228) * Chore: changelog adds note for #16234 * Fix: Prometheus regex ad-hoc filters w/ wildcards (#16234) * Chore: changelog notes for #13825,#15205,#14877,#16227 * Fix: Alert email variable name typo fixed (#16232) * Fix: scripts changelog cli per page set to 100 * Fix: Dashboard history diff & white theme fix (#16231) * Merge pull request #16241 from grafana/hugoh/no-implicit-any * Chore: Theme consistency, rems => pixels or variables (#16235) * Chore: Theme consistency, rems => pixels (#16145) * changelog: adds notes for #16229 and #16227 * Fix: Elasticsearch fix template variables in the alias field (#16629) * Fix: TablePanel column color style now works even after removeing styles, fixes #16162 (#16227) * Docs: Updated changelog for 6.1 release (#16224) * Alerting: Notification channel http api enhancements (#16219) * Upgrades: Patch updates to yarn lock (#16215) * Fix: DatasourceApi query response typing fix (#16214) * chore(influx): no point of reading response when bad status (#16212) * docs: loki provisioning * docs(dev): Update docs about devenv dir (#16208) * fix(dashboard): time regions spanning across midnight (#16201) * fix(InfluxDB): Reads body and close request body even for error status codes (#16207) * chore: more TableData to SeriesData renaming (#16206) * fix(panels/graph): Default option name for spaceLength was accidentally changed (#16205) * fix(explore): only show split close button when split is active (#16203) * fix(react2angular): Fixed react to angular wrapper watching function expressions causing infinte digest loop, fixes #16194 (#16196) * fix(Alerting): Fixed alert rules with eval in day units, fixes #16174 (#16182) * fix(panel/table): Fix for white text on white background when value is null * refactor(grafana/ui): Replace with Input component from grafana/ui (#16085) * fix(loki): Hide empty labels column * build: fixes publishing version. * refactor(data models): Renamed TableData to SeriesData (#16185) * chore(core/utils): Add typings to datemath.ts (#16195) * only call onPanelMigration when the version actually changes (#16186) * feat(explore): make it possible to close left pane of split view (#16155) * feat(Explore): make sure Loki labels are up to date (#16131) * build: makes sure grafana.version is available when deploying. * fix: added missing event to function signature Fixes: #16055 * build: refactoring * build: updated build container with support for rpi1. * build: support for publishing armv6. * build: builds armv6 with rpi1 compat gcc. * fix: added target and datasource as isMetric property Fixes: #15862 * chore: Removed implicit anys in react container and test helpers * Pamels: Options are always there * Panels: Support angular -> react migration via PanelMigrationHandler * Panels: Added more tests for change panel plugin * Panels: Refactoring how panel plugins sets hooks and components, #16166 * clarify notifications API docs * remove processTimeSeries * merge master * don't use process timeseries * rename stat to show in UI * use display value in pie chart * keep plugin versions * remove panel plugin setters * renamed float to flot * prevOptions should be optional * moved migration hook to its own function * Minor refactoring of stats picker / shared singlestat code * Makes it possible to navigate back/forward with browser buttons in Explore (#16150) * Moved DisplayValueOptions type back, #16134 * adding check for decimals * add one more test * Graphite: fixed variable quoting when variable value is nummeric, fixes #2078 * Minor refactoring of #16127 * Update provisioning.md * Graphite: Fixed issue with using series ref and series by tag, fixes #15237 * move typings to types, * Link license corrections * remove logging * add stat picker to single stat * removed option to not check strings * drop one level of nesting * cleanup and guess all columns * Small license correction * update cloudwatch metrics/dimensions list * Enable sass theme change in Storybsck * replaced rems with pixels or variables * adding test * updating usages in singlestat * Sorting imports * adding function * Use grafana's logger implementation * another change that didn't come with earlier commit * change that didn't come with in last commit * reversed dashboard-padding * Update CloudWatch metrics/dimension list (#16102) * brought back dashboard-padding and panel-padding variables, made dashboard-padding more specific * replaced rem with pixels or variables * fix(prometheus): Change aligment of range queries (#16110) * fix, assign by event.time * Minor refactoring of testdata query order PR #16122 * simplify * deduplicate same value annotation * cleaner version * maintain query order * Remove sleeps in test code by overriding time.Now() * Update PLUGIN_DEV.md * Abstract encrypt/encode and decode/decrypt into their own functions * Rename dispatched commands to make them easy to grok * show all colums in graph * Use structured logging instead of printf * Make all http auth setting labels the same width * Merge with master, and updated logo and name * Rewrote creation of images tag * Added missing commas * Don't include non-existing image in MS Teams alert * cast to column * update table data model * show all columns in singlestats * fix(graphite): nonNegativeDerivative argument hidden if 0, fixes #12488 * Correct table names of sql storage for remotecache * more fixes to snapshot * more fixes to snapshot * Fixed gofmt issue in PR #16093 * removed empty space in snapshot * fix: Update snapshot related to new jest version * fixed snapshot for test * Regenerate lockfile due to the amount of merge conflicts. * removed dashboard variables, removed headings-font-family variable, created theme variables for links and z-index, removed unused class in _panel_editor and _dashboard * Remove commented code * flot pairs * add more functions and tests * Update org_user.go * Minor progress on fixing no-implicit any issues * refactor: merged types and updated references * Remove leftover from first iteration * Only keep certain query params when going to next playlist * Snapshot update * fix: ts issue on SelectOption test * chore: Bump react and react-dom to 16.8.4 * Update latest.json * Update templating.md * chore: cleaning up noimplicit anys in search_srv and tests progress: #14714 * Fix threshold editor color picker not working for custom colors * Updated comments * Updated threshold editor test * Re-render gauge / singlestat panels when changing options * fix: refactored so members are loaded by TeamPages and use hideFromTabs instead of filtering out children in navModel * teams: explains the external property of a team membership. * fix: fixed snapshots and permission select not beeing able to click * fix: new team link goes nowhere for viewers * teams: refactor so that you can only delete teams if you are team admin * permissions: removes global access to bus from MakeUserAdmin. * teams: local access to bus, moving away from dep on global. * teams: better names for api permissions. * teams: refactor. * permissions: refactor. * teams: refactor. * teams: hide tabs settings and groupsync for non team admins * teams: refactored db code. * teams: disable new team button if user is viewer * refactor: moved test from TeamMembers to TeamMemberRow * refactor: splitted TeamMembers to TeamMemberRow * teams: comment explaining input validation * teams: cleanup. * teams: cleanup. * dashboards: simplified code. * teams: disable buttons for team members * teams: moved logic for searchteams to backend * teams: viewers and editors can view teams * teams: editor/viewer team admin cant remove the last admin. * teams: changed permission to permission type instead of int * teams: defaulting invalid permission level to member permission level * team: uses PermissionType instead of int64 for permissions. * teams: editors can't remove the last admin from a team. * teams: tests use the new message for modifying team members. * team: renames teams.CanUpdate teamguardian.CanAdmin * teams: remov permission select for non admin users * docs: First take on describing feature toggle * config: updated feature toggle name * teams: cleanup. * dashboard: only admin permission added to dashboard in folder. * dashboards: better error handling * teams: team listing shows only your teams (editors). * teams: teams guard on all teams update methods. * teams: added delete team guard * teams: removed feature toggle as it is already in middleware * teams: added feature toggle and refactor tests * teams: cleanup. * teams: test refactorings. * teams: bugfix, user pointer. * teams: start of team update guardian for editors * teams: team update test * teams: change back to permissionlevel for Member to 0 * teams: make sure we use TeamPermissionLevel enum * teams: update only the selected user * teams: only write error message if error * teams: enabled so that user can update permission for team members * teams: feature toggle component * teams: test for update team member. * teams: can update team members permission. * teams: basic ui for permission in team members view * teams: editor added as admin for created teams. * teams: editors can work with teams. * teams: show teams and plugins for editors that can own * teams: make test cases pass again * folder: uses service to make user admin of created folder. * permissions: broken out func for making creator admin. * folders: admin for created folders * dashboards: user automatically becomes admin for created dashboards * fix(ci): frontend tests was accidentially commented out * Use SecretFormField in MSSql and Postgres datasources * Add SecretFormField component * Add possibility to pass custom input component to FormField * Allow angular react bridge to use kebab case attribute names * adding story and fixing tests * build: migrates the build container into the main repo. * build: updated deploy container with crcmod. * build: crcmod speedups rsync to gcp for deploy. * Update style_guides/backend.md * remove the error collector * Copied from new timepicker and unified component branch * docs: renamed file and added redux framework file * docs: moved examples to frontend.md * docs: intial draft for frontend review doc * Use ora#fail instead of console.log * reorder imports * test * rename to char * sorting imports * moving * Remove .only function * Add more patterns to no-only-test task * chore: Cleaning up implicit anys in DashboardExporter and tests progress: #14714 * rename reducer to statsCalculator * Great progress on bar gauge look * Explore: Fix log stats for long labels * calculate the column width * disable react table cell measure * dont test exists in the test... it will fail if not found * add random_walk_table scenario * adds backend code style guide * add test file * add startAt to random walk scenario * get values from base options * use singlestat base where appropriate * feature(explore/table): Add tooltips to explore table (#16007) * Update changelog * Bar gauge gradient mode * Bar gauge auto lcd cell count * Add check for Env before log * Update index.md * chore: Cleaning up implicit anys in manage_dashboard.ts and manage_dashboard.test.ts progress: #14714 * chore: Cleaning up implicit anys in app.ts progress: #14714 * panels: fix loading panels with non-array targets (add tests) * changelog: adds note about closing #15836 * set correct return type * panels: fix loading panels with non-array targets (refactor) * Bar gauge styling tweaks * panels: fix loading panels with non-array targets * changelog: adds note about closing #6359 and #15931 * add partial * no inheratance * improve single stat display * revert most options sharing * Refactoring the bar gauge and the orientation modes * add migration tests * renaming function * using refId from panel model * Tooltip: show percent instead of value * Add check so that header is not sent for anonymous users * Update config docs * Add custom header with grafana user and a config switch for it * changelog: adds note about closing #10816 * Right tooltip position * Add "No data points" message * use constants for cache type * makes variables template prettier complient * Make recently used auth_module test more robust by adding another 'log in' * changelog: adds note about #15744 * updates old distcache names * dont allow inifinite expiration * chore: Upgrade all babel related packages that is lagging behind * return error if cache type is invalid * Add more info to victorOps alert notifications * fix: papaparse must have gone missing during rebase * chore: Bump jest to 24 * fix: describe() should not be async * fix: Use proper syntax for plugin-syntax-dynamic-import * fix: Downgrade ts-node to 8.0.2 due to broken theme generation * chore: Bump ora * chore: Bump tslint (again) * chore: Bump axios * chore: Bump npm * chore: Bump glob * fix: Invalid css * chore: Bump clean-webpack-plugin, html-webpack-harddisk-plugin, postcss-reporter * chore: Bump file-loader and css optimizer webpack plugin * chore: Bump css-loader and remove minimize option since its removed in css-loader * chore: Bump npm packages and lock down some versions * chore: Bump mini-css-extract-plugin * chore: Lock down versions of expose-loader and html-loader * chore: Bump fork-ts-checker-webpack-plugin * chore: Prod builds should not cache * chore: Replace Uglify with Terser * chore: Bump webpack, webpack-bundle-analyzer, webpack-cli and webpack-dev-server to latest * reuse more gauge settings in bargauge * set the unit on time data * add error when not found * Added metric math docs * check types better * check types better * docs: Change type of 'tags' in annotationQuery result example to list * single hook * Change import path for social in the tests * Change import path for social since it has moved * generic repeater * generic repeater * Remove todo about index on user_id in user_auth because it exists * Add function in ds_proxy to handle oauthPassThru headers * Remove auth_module settings from oauthPassThru ui * Remove auth module from ds_proxy oauth test * Get most recent oauth token from db, rather than lookup by auth_module * Improve tooltip look * explore/logs: Hide empty duplicates column * merge master * fix for firefox checkboxes not appearing properly, added appearance as none * Always return most recently used auth_module from GetAuthInfo * used regex instead of string replacing * Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680 * Add comments * Add simple test for the ColorPicker * Use render props pattern in color picker * Move ColorPicker trigger to separate component and cleanup css * Improved error handling when rendering dashboard panels, fixes #15913 * fix return type * Only send ci metrics to hosted metrics instance * adding types * Added back branch guard * moved delete button from sidebar to general tab and renamed it * Refactoring the ci metrics a bit more making it easier to re-use * removed unused and very specific variables, also variables with same value as general variable * reduce loglevel to debug * Updated bar gauge snapshot * added some comments about state of components things * better comments * comment cleanup * force circleci to try again * format * touch * touch * make sure the validator is called before setState * API to fix/update properties before load * more tests * more options in storybsck * adding simple widget to pick the reducer * heatmap: fix for negative values * Fixed more typescript no implicit any issues * Also push to ci metrics to new shared HM instance * move sort to table processing * Fixed type issues introduced by adding angular types * Typescript noAny fixes, start of a long journey * Updated code stats collection * Updated path to new script * POC on collecting metrics in ci process * changelog: add notes about heatmap issues #15683 #14019 * added two new variables in default theme for panel padding, replaced panelhorizontalpadding and variables.panelverticalpadding with new variables * renamed default variables: s -> sm, m -> md, l -> lg * removed gf-form-margin variable and replaced with space- variables where it was used * add table reducer * heatmap: able to hide buckets with zero value #12080 * s -> sm, m -> md, l -> lg * heatmap: fix prometheus buckets sorting, closes #15637 * s -> sm, m -> md, l -> lg * removed headings-margin-bottom variable * rename to displayValues * remove kbn test * more tests * use new settings * fix tests * make value processing reusable * Call ora instead of instantiating it * Added scopedVars argument in datasourceSrv.get in DataPanel * MutableColumn * cleanup after review * rename handleXXX to onXX events * torkel feedback * onCellClick * heatmap: able to reverse Y buckets order, #15683 * fix(explore/logs) not collapsing whitespace (#15737) * Refactoring of multi-value datasource PR #15812 * fixed minor misstake with dashboard padding * removed -margin, replaced with new general variables * Move oauth token migrations in user_auth_mig * heatmap: fix middle bucket bound for prometheus * Refactoring / fixing password hint PR #15868 * chore: Move sidemenu out of context service and use the logic we have in the router already for hiding the sidemenu * Fix deduplication results displaying wrong data (#15755) * added new space variables to margins in AddPanelWidget, add_data_source, dashboard_settings and sidemenu * use `Get` instead of `Find` * avoid exposing cache client directly * add docs about remote cache settings * renames distcache -> remotecache * renames key to cache_key * build steps for cache servers * code layouts and comments * rename put -> set * reverts package.json I made during the flight >.> * `memcache` -> `memcached` * removes memory as distcache option * test redis and memcached during integration tests * adds config to default settings * avoid exporting test helpers * uses set instead of add for memcache * adds memory as dist storage alt * extract tests into seperate files * avoid exposing internal structs and functions * heatmap: don't display cut cards * heatmap: fix error when series empty * heatmap: middle bucket bound option, #15683 * rotate! * added new variables for spacing, set margins in _cards with new variables * better css * Revert "Fix Datasource Update to no User/Password" * rotate! * fix imageurl in notification test * add comment * attach themes to table story * reuse deprecationWarning * move to string.ts * move stringToJsRegex * get field mapping to actually work * add variable size storybsck * cell builder cleanup * minor storybsck cleanup * fix typos * autofill space rather than force with/height values * return table directly, not the debug info * Minor fix in values to histogram conversion * Fix histogram x-axis min/max * moved utillities to util * Change xaxis min and max form input types to number * Fix histogram xaxis min/max tests * Optionally set histogram x-axis min/max * table using MultiGrid * cleanup * cleanup * adding toolbar * adding stub table input CSV * docs: Fix indentation level for OAuth2 config * docs: update CONTRIBUTING.md * merge master * docs: update slack alert notification settings * docs: update admin and user http api documentation * feat(api): support list/revoke auth token in admin/current user api * support get user tokens/revoke all user tokens in UserTokenService * @grafana/ui - release docs v1 (#15835) * Minor refactoring of copy tags when saving feature, #15446 * Simple implementation for preserve tags, closes #11627 * Updated prettierignore * Refactoring of PR #14772 * Simple storybsck * fix typo in pr template * add nil/length check when delete old login attempts * Minor refactoring of new react text panel * Improve rendering * fix allow anonymous server bind for ldap search * changed all rems to pixels in defaults and template, changed back root font size * piechart -> pieChart * Rename: Piechart -> PieChart * Import only what is used from d3 * less nesting and add test * remove type field and add helper functions to check if data isTableData * add storybsck * fixes typo in redis devenv * add support for memcached * add support for redis storage * add garbage collector for database cache * test at interface level instead impl * cache: initial version of db cache * don't include stuff from app/... * fix scss * rename to Table * rename to Table * fix type errors * move to grafana/ui * better sort function * use TableData, not interface * Make password hint configurable from settings/defaults.ini * move toTableData to grafana/ui * don't require x & y columns for timeSeries * use TableData for timeseries in react * Update README.md * heatmap: reduce number of legend segments to reasonable value and round x values to prevent gaps * heatmap: fix legend padding * heatmap: fix legend for small values, #14019 #15683 * status: alpha * changed root font to 100%(default 16px), changed font-size from px to rem, updated rem sizes in template and default.ts files, removed display classes and variables since not used, removed lead class and variables since not usedremoved serif font since not used and probably never should be used * Update core:start cli command to watch theme changes again (#15856) * Updated pull request template * Updated pull request rtemplate * Removed title case from issue template title * Updated issue template titles * Updated issue templates * Updated templates * fix: Update error message and replace npm with yarn #15851 * fix: Make sure we dont add &autofitpanels to the url if it already exists #15849 * fix: Update test snapshot * fix: Logo goes Home instead of toggling side menu #15482 * Update upgrading.md for wrong spell * remove _ * cleanup * use pure component * return the same panelData unless it changes * sortable class * Map dataSourceTypeSearchQuery state from redux to search input. * move rendering to its own file * try virtualized * Initial tooltip * Minor refactoring of PR #15770 * Revert "Fix for leaving playlist mode" * Alternative fix to detecting when to stop a playlist, fixes #15701 and #15702 * fix discord notifier so it doesn't crash when there are no image generated * fix: Consistency in unit labels #15709 * Update latest.json * Run prettier * position from add panel, dimensions from copied panel * Fix donut rendering * Run prettier * Fix pieType change * changelog: add notes about closing #14509 #15179 * Render svg instead of canvas * fix: Add class for input fields with help icon to avoid icon hiding the text #15771 * restore to current folder when restoring old dashboard version * fix(renderer): Vendor ansicolor as typescript * log phantomjs output even if it timeout and include orgId when render alert * keep size from copied panel and not from add panel widget * Added basic cherry pick helping task * Prevent search in VizPicker from stealing focus (#15802) * fix only users that can edit a dashboard should be able to update panel json * Updated changelog task * Fixed image rendering issue for dashboards with auto refresh, casued by missing reloadOnSearch flag on route, fixes #15631 * use props.replaceVariables rather than templateSrv * Updated to add PR author, skip PR issue references * Added first iteration/poc of changelog task * Enable @grafana/ui version bump based on package.json contents * Fixed styling of gicon's in dropdown menus * cleanup plugin versions * use explore icon * fix comments * typescript functions on replace * remove console.log * add ScopedVars to replace function * Make datasource variables multiselect and dashboard repeatable * set height * add test file (ignored) * fix variable name * use typescrit in angular table * use react-table * add a basic alpha react table * Ensure clean master only when publishing package to npm * Remove log * Ensuring master branch when performing release * upgrade xorm packages to latest versions * Expose onQueryChange to angular plugins * docker: update prometheus2 block to version 2.7.2 * use replaceVariables * Add a keybinding that toggles all legends in a dashboard * fix allow anonymous initial bind for ldap search * changelog: adds note for #8253 * prettier * Aftermerge fixes * use default min interval of 1m for sql datasources * changelog: adds note about closing #15608 * Fixed scrollbar not visible due to content being added a bit after mount, fixes #15711 * Added comment to Docker file * moving * style: add gicon-shield to sidemenu class Closes #15591 * remove `UseBool` since we use `AllCols` * fix: Move chunk splitting from prod to common so we get the same files in dev as prod * fix: update datasource in componentDidUpdate Closes #15751 * changelog: add notes about closing #15739 * Moved Server Admin and children to separate menu item on Side Menu (#15592) * update version to 6.1.0-pre * Viewers with viewers_can_edit should be able to access /explore (#15787) * Fixed scrolling issue that caused scroll to be locked to the bottom of a long dashboard, fixes #15712 * reordered import * Wrapperd playlist controls in clickoutsidewrapper * Turn off verbose output from tar extraction when building docker files, fixes #15528 * Hide time info switch when no time options are specified * Made sure that DataSourceOption displays value and fires onChange/onBlur events (#15757) * Updated react select fork to 2.4.1 * utils: show string errors. Fixes #15782 * Update frontend.md * Update frontend.md * Minor refactor of cli tasks (core start, gui publishing) * Fixed url of back button in datasource edit page, when root_url configured (#15759) * use onOptionsChange * use replaceVariables rather than onInterpolate * use updateOptions rather than onChange * changelog: add notes about closing #15650 * changelog: add notes about closing #15765 * fix: Kiosk mode should have &kiosk appended to the url #15765 * changelog: add notes about closing #15077 * org admins should only be able to access org admin pages * only editor/admin should have access to alert list/notifications pages * Added MaximumUsedTransactionIDs metric to list of AWS RDS metrics. * fix: When in tv-mode, autofitpanel should not take space from the navbar #15650 * devenv: fixes incorrect influxdb config. * Fixes #15739 * Don't mutate seriesList parameter in mergeSeriesByTime (#15619) * new stable docs version * Fix: #14706 Incorrect index pattern padding in alerting queries * fix * changelog: adds note about closing #14239 * fix: prevent datasource json data stored as nil (#15508) * changelog: adds note about closing #10506 * changelog: adds note about closing #15651 * Return 404 on user not found (#15606) * Catch bad regex exception at controller level * Prettier fix * Add PiechartOptionsBox * docs: missing field added to example * 11780: invalid reg value can cause unexpected behaviour * Fixed right side scrollbar margin on dashboard page * fix: Return url when query dashboards by tag * Fix prettier * Initial rendering * Add PiechartType enum * Install d3 * Remove extra props * Removed commented code * Fixed alias in Cloudwatch Expressions * Explore: Enable click on name label * Bumping grafana ui version (#15669) * Style and grammar fixes * big text option * Need this to be available for plugins * service: fix for disabled internal metrics. * docs: 6.0 whats new * Toggle stack should trigger a render, not a refresh * Updated latest.json with 6.0 * docs: grafana 6.0 has been released. * moves social package to /login * moves tracing packge into /infra * changelog: adds notes for #14509 and #15179 * graph: fixes click after scroll in series override menu * moves metric package to /infra * Explore: Make sure line graphs get different colors * stackdriver: change reducer mapping for distribution metrics * stackdriver: fix for float64 bounds for distribution metrics * update * style tweaks * Refactoring orientation stuff * Refactoring bar gauge * Refactoring bar gauge * Added missing file * refactoring repeater and code in gauge and bar gauge to reuse more code * docs: link to azure monitor from what's new in v6.0 * Fixed value dropdown not updating when it's current value updates, fixes #15566 * docs: tweaks to AzureMonitor docs * Added feature toggle to defaults.ini and sample.ini after PR comments * Moved variable to config struct after PR comments * Added feature toggle editors_can_own * updates all cols except created so user and password of the database can be chaned to no user and password * Fixed bug with getting teams for user * Improve Loki logs render with ANSI colors (#15558) * grafana/ui 6.0.0-alpha.0 release version bump * removed color in color variables names * changelog: add notes about closing #15303 * changelog: add notes about closing #1441 * update changelog * grafana/ui 1.0.0-alpha.0 release * Update grafana/ui readme * docs: landing page update * Bring back plugins page styles * docs: layout fixes * prettier fix * Make published package public by default * docs: fix link * docs: fix order of datasources in menu/index and update alert support * Fixed prettier issue in color picker * Update docs to match current npm scripts * Added keywords and description go grafana/ui package * Fixed failing tests because of circular dependency * Fix version and name in grafana/ui package.json * Imports updates * Implemented scripts for building and releasing grafana/ui * changed some more color variables to use variables * fixed tests * panel: defensive coding that fixes #15563 * Minor fix/polish to gauge panel and threshold editor * copying options between visualizations * fixed issue in dark sass template * Updated body & page variables to use variables from code theme * updated building from source docs * fixed snapshots failing in master * Synced variable template files * fix: mysql query using __interval_ms variable throws error * Fixed scrollbar issue introduced in theme changes * Fix build * minor touch ups * Fix heading levels in generic-oauth.md * updated colors in light, dark and theme files, in template file basic colors uses variables from dark/light files, also changed to -basic in some files * ValueOptions -> PiechartValueEditor * Make it build * fixes * added orientation option * export PiechartDataPoint from @grafana/ui * change valueOptions * get label and color from series * prettier fix * PieChartDataPoint -> PiechartDataPoint * Rename PieChartPanelEditor to PiechartPanelEditor * docs: adds Azure Monitor docs * Fix blue in dark theme * Readme update * Minor fixes * Review fixes * Fixes after merging #15468 * Pass dashboardModel to PanelCtrl class. Fixes #15541 * Add piechart to builtInPlugins * logo: svg -> png * Remove old overwritten sass vars * first draft of repeater component * docs: howto for recreating our debian repositories. * fix: Filter out values not supported by Explore yet #15281 * Bump Prettier version (#15532) * updated theme variables to master * updated theme template files variables to master * add new issue templates * Fixes #15506 * chore: graph2 panel plugin should use the new ReactPanelPlugin from @grafana/ui * fix: Have the tab param removed from the url when leaving edit mode #15485 * reduce loglevel to debug * Fixes #15505 * fix native annotation filtered by template variable with pipe * Fixed navbar backbutton padding * Updated explore icon and style tweaks Lowered icon size and improved paddings, tried to align placement between dashboard and explore * Display graphite function name editor in a tooltip * Fixing array direction, adding simple render test, fixes #15478 Fixed unit test and updated gauge Added migration for threshold order * changelog: adds note for #15500 * fixed page-header-bg * cli: chmod 755 for backend plugin binaries * reversed most of grays in dark theme * Fixes #15477 * Changed how react panels store their options (#15468) * Remove maxDataPoints and interval props from props to remember in panel model * Fix typo in view mode cykle button * Variables regenerated * Make clear that variable scss files are generated from templates * Fixed spelling issue in templating docs * Removed primary class from Add Query button, and changed name of Panel Options tab o General Options * improved formatting of variable docs * Datasource docs for Loki * Replace require with import in start task * Added enable_gzip documentation (#15322) * Add Lux to units * Fixed issue with PanelHeader and grid-drag-handle class still being applied in fullscreen, fixes #15480 * Began work on handling panel type switching and keep setting * Fixed unit tests * Fixed gauge issue that will require migration later and also value options editor did not handle null decimals or 0 decimals * Added missing Gauge props * Bar gauge icon updated * Added bar gauge icon * Began work on adding options * Added basic tests * bar-gauge storybsck * Began experimenting with a bar gauge * Also remove nested options prop that was there due to bug * Moved gauge value options into a sub oject and made editor more generic, will be moved out of gauge pane later and shared between singlestat, gauge, bargauge, honecomb * Added a ReactPanelPlugin as the interface that react panels export, this way react panels have clearer api, and gives us hooks to handle migrations and a way for panel to handle panel changes in the future * Changed how react panels store their options * Fixed prettier issue (#15471) * Initial commit * Added bar gauge icon * Began work on adding options * Added basic tests * run db tests in all packages * bar-gauge storybsck * new dark-3 became new dark-2, created new lighter dark-3, changed panel-bg, empty-cta etc to dark-2 * Began experimenting with a bar gauge * docs: suggested changes * docs: fix header * fixed handling of alert urls with true flags, fixes #15454 * Fixed dashboard navbar buttons being visible in fullscreen, fixes #15450 * Added missing strict type checking options to grafana/ui and fixed type errors * Extracted common code for diff calculation * fix spelling error * whats new: rename security section * Fix percent_diff calculation when points are nulls * Restored loading spinner to DataPanel * rearrange bullet points in PR template * added another error message scenario * link to contributing guidelines in pr template * Fixes to error handling and clearing, also publishing of legacy events so old query editors work with react panels fully * contributing: adds link to help wanted label * contributing: adds link to our CLA * removes testing instruction from contributing doc * docs: move alerting above session * docs: mention samesite setting * increased blue in dark-1-5, dark-3 and dark-4 * docs: adds note about new login cookie name * changed color for blue light in light theme + small changes in naming etc * Add missing nodemon dependency * make bug/feature titles more verbose * mentioned closes/fixes for new features * docs: improve removal of session storage for what's new in v6.0 * docs: add upgrade notes for v6.0 * docs: add note regarding auth proxy and user session requirement * docs: fix typo * removed more unused variables, restyled scrollbar * allow 90 percent of alertTimeout for rendering to complete vs 50 percent * Fixed issue with sass variables used from typescript, the prettier lowercases export variables * using error callback from datapanel instead * docs: add availability note regarding non-compliant providers * Fixed sass vars template files * Added deprecation warning to npm watch script - use start script instead * added new dark variable to dark theme(the color used for page-bg), changed some backgroud colors that doesn't use variables to use variables, made some slight tweaks to dark variables, fixed so item hover is the same as card hover * Simple CLI for running grafana in dev env * Added common theme variabless generation, created GrafanaThemeCommons interface * contributing: improve guide for bug fixes * Changed devenv default data source to testdata * added support for influxdb non_negative_difference function in tsdb * added support for influxdb non_negative_difference function in tsdb for alerting * Remove precommit from npm scrips * More files that has fixed with prettier * Added prettierignore and check script * devenv: use grafana:dev image in ha test per default * devenv: send nginx logs to loki in ha test * devenv: proper fluentd conf for grafana and loki * devenv: use grafana/fluent-plugin-loki * devenv: trying to make fluentd with inoffical fluent-plugin-loki work * fixed issue with updatePopperPosition * Prettier had not been running as a precommit hook for some time so had to run in on all files again * removed _plugins.scss and _settings_permissions.scc, removed unused classes in _login.scss, reduced dark variabels in light theme and alignied light theme a bit with dark theme, turned blue-gray, dark-3 and panel-bg variables into one variable and removed gray-7 in dark theme * feat: Add EmptySearchResult ui component and use it in VizTypePicker * Revert "feat: Add css-support for invalid form input elements" * Revert "feat: Highlight vizpicker input when there are no panels matching the search query" * Regenerating variabless sas on theme edit v1 * Fixed a minor plugin json lingering issue * Removed some icons in action button Trying to align some title case issues * implement show error in panelcorner * Forgot about the snapshots * Renamed to FilterInput and added label and search icon * feat: Highlight vizpicker input when there are no panels matching the search query * Updated a few plugin json files with dataFormats * feat: Add css-support for invalid form input elements * remove comments * bubble error from datapanel to panelchrome * Changed noQueries to a dataFormats array that will allow a panel to define supported formats and prefered (first in array) * use authtoken for session quota restrictions * Fixed issues with double page body and husky pre-commit hook * fix: No need to have edit permissions to be able to "Save as" a dashboard * Revert "chore: wip: Replace brace with ace-builds to get latest version of ace" * chore: wip: Replace brace with ace-builds to get latest version of ace * fix: Error tooltip should have white text on red background. Not red text on red background * Move explore selectors to a separate file * removes unused session code * chore: Rename renderPanel to renderPanelBody * chore: Rename renderDataPanel to renderPanel * chore: Rename renderHelper > renderDataPanel and move logic to smaller functions * chore: PR feedback, shorten bsclean check * chore: Rename isDataPanel to noQueries * chore: Only show Queries tab for panel plugins with isDataPanel set to true * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * Fixes #15372 with number input and parseFloat * Revert "hard move" * chore: PR feedback, shorten bsclean check * chore: Rename isDataPanel to noQueries * Merge with master * Found another input that was tied to a regexp * Fixes bug #12972 with a new type of input that escapes and unescapes special regexp characters * enable testing provsioned datasources * Fixed elastic5 docker compose block * Added one more test case for color resolving helper * Fix error caused by named colors that are not part of named colors palette * Fixed issue with gauge requests being cancelled * Update package.json * changelog: adds note for #15363 * Move deduplication calculation from Logs component to redux selector * style tweak to alert * Removed plus icons * hard move * restoring green CTA * Removed double page container * chore: Only show Queries tab for panel plugins with isDataPanel set to true * Removing default thresholds values. * adds edition to build_info metric * Updated lint-staged * changelog: adds note for #14623 * Fixed double page class on api keys and org details page * Color tweaks * azuremonitor: don't use make for maps and array * changed back to old green in light theme * changelog: add notes about closing #15258 * changelog: add notes about closing #15223 * changelog: add notes about closing #15222 * changelog: add notes about closing #15122 * changelog: add notes about closing #15219 * changelog: add notes about closing #14432 * update changelog * changelog: adds note for #15131 * changelog: add notes about closing #15284 * Fixed issue with light theme introduced by #15333 * devenv test dashboard * minor style update * revert ds_proxy timeout and implement dataproxy timeout correctly * changelog: adds note about closing #15295 * azuremonitor: fix auto interval calculation on backend * Minor style fixes * Remove not related code * make sure opentsdb takes dashboard timezone into consideration * make sure influx takes dashboard timezone into consideration * Do not read store state from toggle panelaction creator * make sure graphite takes dashboard timezone into consideration * Review changes * return series label if selected stat is name * Fix plugin loading failure message not being displayed * fixes invalid folder check * extract notifiers folder creation to new if statement * interval: make the FormatDuration function public * Fixed missing time axis on graph due to width not being passed * make sure notifiers dir exists for provisioning in docker * should be able to navigate to folder with only uid * renames usage state name for auth token * Clear visualization picker search on picker close * Update README.md * changelog: adds note about closing #15288 * v1 * removed extra semi-colon * Commented out the Loki dashboard query editor * added old green to dark-theme * Fixed issue with logs graph not showing level names * set secondary to new blue * removed unused directive * Fixed issue where double clicking on back button closes sidemenu * changelog: add notes about closing #8570 * update changelog * changelog: add notes about closing #14233 * changelog: add notes about closing #15189 * changelog: add notes about closing #13324 * azuremonitor: small refactoring * azuremonitor: handles timegrain set to auto on backend * Navbar back button, no title edit this time * provide time range to angular query controllers * azuremonitor: add test for dimension filter * azuremonitor: refactor azure monitor api code into own file * azuremonitor: handle multi-dimensions on backend * use timeSrv in metricFindQuery as timeRange * remove unnecessary spy * azuremonitor: add support for aggregations on backend * Fix formatting * Add aws ec2 api metrics for cloudwatch * Improve usability showing disabled lines in forms * Fixed issues with plus button in threshold and panel option header, and current state in viz picker, fixes #15329 * support three letter hex color strings * azuremonitor: simple alerting for Azure Monitor API * use unique datasource id when registering mysql tls config * azuremonitor: builds a query and sends it to Azure on the backend * mark packages as Apache license * Minor refactoring around theme access * Use TS instead of JS to store theme variables at next * Do not use js theme variables in sass (poor dev experience for now) * Update config mock in metrics panel controller test * ldap: refactoring. * ldap: fixes #14432. Fix for IPA v4.6.4 * ldap: adds docker block for freeipa * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * slight tweaks * fixed explore width-0 issue, fixes #15304 * Persis deduplication strategy in url * Support ANSI colors codes in Loki logs * adds usage stats for sessions * Panel edit navbar poc * make sure to create provisioning/notifiers directory for deb and rpm packages * log root cause error when reading from provisioning directories * moves usage stats sender to new package * changelog: add notes about closing #15291 * Removed unnecessary code from ColorPicker and extended theme type * Selecting theme variable variant helper function * added reducers tests * update docs * added way to test action called from react component * Added annother initDashboard test * removes cleanup setting from docs * make hourly cleanup the default behavior * fix single gauge * removed direction and series mode options, cleaned up the code somewhat * Simplified condition * support json format templating * support /api/v1/labels * devenv: update ha test and load test * run token cleanup job when grafana starts, then each hour * Added another error object message detection * Fixed some remaining issues * Improved dashboard page test * Improved dashboard page test * Big refactoring for dashboard init redux actions * Fix SemVersion.isGtOrEq * making changes suggested in review and improving typings * fix * show timeseries label under gauge * Minor cleanup * Added test for SASS variable retrieval function from JS definition * Updated stories to use new theming * move authtoken package into auth package * vertical and horizontal, removed mode option * move UserToken and UserTokenService to models package * Add failing test * Rename version_test to version.test * change UserToken from interface to struct * replaced some hex values with variables * some changes i forgot to save in first push in variables.dark * removed trailing whitespace * removed unused theme variables, removed empty sections, aligned the order of sections in the files * combine mode with avg value * Fix issue with graph legend color picker disapearing on color selection * changelog: add notes about closing #12546 * Added a basic test for initDashboard thunk * docs: update annotaions http api * azuremonitor: improve autocomplete UX * Added DashboardPage tests that tests view mode transition logic * azuremonitor: fix autocomplete menu height * Revert "chore: Replace sizeMe with AutoSizer in DashboardGrid" * Revert "chore: Remove react-sizeme" * fix spelling * wip: tests * middleware fix * enhanced expiration logic for lookup token * changelog: add notes about closing #15265 * Address review comments * auth token clean up job now runs on schedule and deletes all expired tokens * changes needed for api/middleware due to configuration settings * change configuration settings in auth package * document login, short-lived tokens and secure cookie configurations * refactor login/auth token configuration settings * remove unused code * Added ServerlessDatabaseCapacity metric to list of AWS RDS metrics. * changelog: add notes about closing #8207 * Minor code simplification * Delete template.html * cloudwatch: Add tests for resource_arn template query * cloudwatch: Add resource_arns template query function Implements feature request #8207 * update to aws-sdk-go v1.16.15 * Updated add panel related flows * Update types and themes usage in components * Implemented theme context and renamed/moved theme related types * refactor panel * changelog: adds note for #15182 * Breaking init dashboard up in to fetch & init * stackdriver: fixes #15182 * Closing timepicker when clicking outside the picker * Optimized so we only do checks when dropdown is opened * stackdriver: add some more typings * Fixed so that we close angular TimePicker when user clicks outside the dropdown * Moved remove panel logic to dashboard srv * first working draft * Removed unused controllers and services * Improved error handling * fix: Update snapshot * chore: Explore: Remove inner AutoSizer, spread the size-object to width/height, change height type to number * chore: Remove react-sizeme * fix: Calculation issue with AutoSizer in explore * chore: Replace withSize with AutoSizer in explore/Graph.tsx * chore: Replace sizeMe with AutoSizer in DashboardGrid * Prevent viewers from going into edit mode * Expand rows for panels in collapsed rows * Basic loading state for slow dashboards * Fixes #15223 by handling onPaste event because of bug in Slate * Fixed add panel should scroll to top * minor layout change, simple render test * azuremonitor: improve autocomplete experence * docs: fixes #14940 * Added custom scrollbar and remember scroll pos to jump back to same scroll pos when going back to dashboard from edit mode * created new color variables, changed primary to blue, changed success-btns to primary-btns. * azuremonitor: more autocomplete suggestions for built-in functions * Updated playlist test * added missing typing to explore props * added comment to initDashboard * improve the stackdriver logo * Fixed so onBlur event trigger an QueryChange and QueryExecute if values differ * Renamed initialQueries to queries * Added PATCH verb end point for annotation op * move auth token middleware/hooks to middleware package * auth package refactoring * render after leaving fullscreen * added flags to vizpicker from query param * Added playlist controls to new react DashNav * Fixed lots of loading flow issues and updated solo route page * Set page title on dashboard load * now /api/login/ping returns Response * Added handling of kiosk mode * WIP Enable js defined theme to be used in SASS * fix: Explore: Query wrapping on long queries #15222 * azuremonitor: fix where suggestions * prepping go to visualization * azuremonitor: use kusto editor for App Insights * basic layout * fixed unit test * Made dashboard view state srv panel view state obsolete * fix: Set ace editor min height to avoid problem with scrollbar overlapping ace content #15122 * Missed to save * fix: Data source picker in panel queries options should overlap content below, including ace scrollbar #15122 * Fixed handling of orgId * Fixed template variable value changed handling * Fixed bug with removing a QueryRow thats not part of nextQueries * Now handles all dashbord routes * Replaced intialQueris with queryKeys * fix util for splitting host and port * azuremonitor: where clause autocomplete * azuremonitor: don't go back to dashboard if escape pressed in the editor * azuremonitor: suggest tables initially * azuremonitor: add more builtin functions and operators * Reverted redux-logger * Added more typings * added submenu, made sure submenu visibility is always up to date * changelog: add notes about closing #14231 * Removed modifiedQueries from state * fixing logging action * devenv: switching back using loki master plus various fixes * Fix save provisioned dashboard modal * Merge with master * Refactor of action, actionTypes and reducer * More types and some refactoring * Alignment of interfaces and components * Removed the on every key change event * Add AWS/Neptune to metricsMap and dimensionsMap * added time picker * refactorings and cleanup * mssql: pass timerange for template variable queries * improving dash nav react comp * fixed panel removal * Added more buttons in dashboard nav * wip: progress * Url state -> dashboard model state sync starting to work * Dashboard settings starting to work * wip: dashboard in react starting to work * wip: minor progress * wip: dashboard react * base64 encode encrypted oauth token fields * Add string quote func * Remove option used to control within browser * Remove length from text columns * Add oauth pass-thru option for datasources * did not add file, removing centerered * Legend toggle should only trigger a re-render, not a refresh * first stuff * updated snapshot * Adding pointer to colorpicker * Minor post review changes * More style tweaks to panel option group add button * Made some style tweaks * setting margin on label * Make runQueries action independent from datasource loading * fixing test * add button in header * minor fix * Made really good progress on loki support in dashboards * Temporarily run queries independently from UI state of explore panels * Remove extra newline * Clearify the Run from master instructions * Use slate-plugins from app/features/explore * Remove newline && runner plugins * Move prism to app/features/explore * Restoring explore panels state from URL * Remove version.ts * introduce samesite setting for login cookie * sending paneldata to component, gauge can handle table data * always delete session cookie even if db delete fails * New solo panel route working in all scenarios I can test * Removed unused factory and fixed index based mapper lookup * Fixed dashboard row title not updating when variable changed, fixes #15133 * Removed comment from panel editor * signout user if /api/login/ping returns 401 unauthorized * must return json response from /api/login/ping * adds more tests signing out session * changes some info logging to debug * wip * tailing grafana logs and temporaily using an older build * add missing ngInject annotation * renames signout function * delete auth token on signout * typing data * changelog: adds note about closing #10780 * Do not render time region line or fill if colors not provided * Fixed row options html template location, fixes #15157 * creating table data type * wip: New react container route for solo panels that supports both angular and react panels * build: enterprise release co project. * Fixed another type of fluent reducerFactory * Moved dashboard state components to state folder * Moved time_srv to services folder, this should not belong to dashboard feature but it is too dependant on dashboard to move it out now, needs a bigger refactoring to isolate from dashboard * Moved a few things around * Removed then clauses, no need to test the test within the test * Updated what's new article * Added reducerTester, reducer tests and tests * Removed ActionTypes and fixed a noPayloadActionCreatorFactory * Replace usages of kbn.valueFormats with ui/getValueFormat * Refactored Datasources as POC * Fix anchor * Added download links to docs * Updated docs * Updated version again * Updated version and made some changes to changelog and what's new article * docs: Added version notice for time range variables * Added loki video * spell fixes * chore: Add typings for react-grid-layout and react-virtualized * fix: Don't open panel menu when dragging (react-)panel in dashboard #14946 * chore: Add missing typings in PanelResizer * chore: Fix typings and remove bindings for arrow functions in DashboardGrid * Updated explore section again * Updated explore section * fixe merge issue * updated what's new article * adjusting types to match * Add storybsck script to run it from root dir * Minor change to Action interfaces * Simplified inteface for reducerFactory * Fixed a small bug and added case sensitivity * docs: whats new tweaks * Added reducerFactory and tests * Minor updates to text and image placements * docs: add video link to what's new * whats new: note about session storage * first implementation * Added actionCreatorFactory and tests * whats new: provisioning for alert notifiers * Rename SetInitialQueries action to QueriesImported * Add missing code * changelog: adds note for #15129 * docs: update to what's new * docs: wip - what's new for 6.0 * Minor style fix to button group * Fixed failing unit test * Added basic docs * Minor refactoring and adding some typing * changelog: add notes about closing #14709 * fixed sqlite issue introduced by #14709 * Change primaryAggregation to crossSeriesReducer in Stackdriver * update changelog * changelog: add notes about closing #12764 * fix: Remove legacy title-prop and update document.title when navModel is changed #15108 * Explore: query field should not propagate non-text change * Wait for queries to be imported before proceeding with datasource change * removing alpha * Remove commented code * Tweaked panel option group styles * Import queries before datasource is changed * fixed prettier on switch component * adding from and to built in variables * azuremonitor: adds macros to slate intellisense * Fixed issue with explore changeTime redux action not being hooked up, fixes #15115 * Fixed explore query editor styling issues * azuremonitor: remove wrong completions * azuremonitor: autocomplete on enter * Progress on tooltip style update * azuremonitor: fix tests * devenv: loki provisioned datasource * azuremonitor: revert "memory for webpack build" * Azure Monitor: replace monaco by slate with initial Kusto syntax * docker: block for loki * Make language provider cancelable in Loki and Prometheus QueryField, to avoid setting state on unmounted component * Add util for handling promise cancelation to avoid setting state on unmounted components * stackdriver: remove beta notice from config page * increasing font size on longer strings * magic number solution * Propagate event to onChange prop in Switch component * two minor bug fixes introduced in recent refactorings * Minor progress on react query editor support, solving updating query persisted state * did some styling changes * Updated Explore query styles to align them to other query editor to make them fit in better * chore: Fix typings and add Page-component to FolderPermissions #14762 * chore: Fix typings and add Page-component to ServerStats #14762 * chore: Fix typings and add Page-component to AlertRuleList #14762 * chore: Fix typings and add Page-component to DataSourceDashboards #14762 * fix: Add plugins to StoreState interface * chore: Fix typings and add Page-component to NewDataSourcePage #14762 * chore: Fix typings and add Page-component to DataSourceSettingsPage #14762 * chore: Fix typings and add Page-component to FolderSettingsPage #14762 * test: Updated snapshot * chore: Fix typings and add Page-component to TeamPages #14762 * fix: Add pageName default to avoid "Loading undefined..." * changelog: adds note about closing #10487 * pkg/util/{filepath.go,shortid_generator.go}: Fix golint issues * pkg/util/{ip.go,url.go}: Fix some golint issues * pkg/util/*: Add missing function comments. * docs: updates docs to refer to using uid * azuremonitor: increase memory for webpack build * gofmt issue * moves test files into testdata folder * renames alert_notifications -> notifiers * changelog: add notes about closing #14711 * update inline documentation * extract parsing of datasource tls config to method * extract tls auth settings directive from datasource http settings directive * changelog: add notes about closing #13711 * changelog: add notes about closing #5699 * Fix for annotations not clearing when switching dashboards, fixes #15063 * Import fix * build: ignore latest * Spelling/grammar fixes in top level markdown files * build: publishes armv6 to grafana.com. * Removed the initial data source as I could not see it being used anywhere * Initialize named colors palete lazily * Fix thresholds default colors not being applied * removes unnessecary db request * Making sure we do not pass a long invalid queries and save to state * single import for types from @grafana/ui * tab/spaces formatting * Revert "Updated home dashboard, removed home dashboard header" * Fixed wrong line in test * Made sure we only resetTypeahead if mounted * Delayed explore query loading indicator and implemented minor ux improvements to it * fixing test * support both uid and id for showing/removing notifiers * Revert "Use the same panel loading indicator in explore as on dashboard's panel" * Firing off an action instead of listening to location changes * Handle undefined graph and table results * enable explore by default * Use the same panel loading indicator in explore as on dashboard's panel * Prevents query result cleaning when new query trransaction starts * Changes after PR Comments * Made ExplorerToolbar connected and refactored away responsabilities from Explore * Removed some split complexity * Fixed some more styling * Fixed close split look and feel * Fixed position of Closesplit * Fixed small issue with TimePicker dropdown position * Simplified some styles and dom elements * Fixed some more with the sidemenu open and smaller screens * Fixed so heading looks good with closed sidemenu * Restructure of component and styling * Refactored out ExploreToolbar from Explore * updating state if no panel * updated the color palette * Fixed reinitialise of Explore * changelog: add notes about closing #13929 * changelog: add notes about closing #14558 * changelog: add notes about closing #14484 * changelog: add notes about closing #13765 * changelog: add notes about closing #11503 * changelog: add notes about closing #4075 * changelog: add notes about closing #14722 * update changelog * changelog: add notes about closing #10322 * changelog: add notes about closing #12991 * update changelog * Update datasource before the loading has started * Add cursor pointer to color swatches * Fixed import path * changelog: adds note about closing #14701 * upgrade golang to 1.11.5 * moves timeout tests to an integration test * Moving a few things from dashboard folder * Correct formatting of sqlstore_test.go * pkg/services/dashboards/dashboard_service.go: simplify return * Updated url query param encoding to exctly match angular encoding * Updated snapshot * Added missing props not being passed to scrollbar component, fixes #15058 * Parse database host correctly when using IPv6 * Document /api/health * some working solution, needs refactor * changelog: adds note for #15062 * Do not update color picker popover position on tab change * change default rotate_token_minutes to 10 minutes * Rename deprecation warning helper * Implemented tests for ColorPickerPopover and NamedColorsPalette * fix * load test/ha fixes * set low login cookie rotate time in ha mode * Fix light theme issues with named colors disabled * Stories cleanup * fix multiple piechart instances bug * scripts/build/*: Fix some golint issues * scripts/build/*: Fix golint issues Url => URL * build: fixes building grafana completely within docker. * dont specify domain for auth cookies * monaco-kusto: fix imports * use @alexanderzobnin/monaco-kusto package for kusto syntax highlight * New snapshot reflecting changes * Makes the clickable side menu header look great in light theme again * org id fix for load test * user auth token load tests using k6.io * add global datasource proxy timeout setting * moves cookie https setting to [security] * Azure Monitor: build monaco with webpack WIP * Use Switch to control y-axis in series color picker * Move Switch component to grafana-ui * improves readability of loginping handler * Bug Fix #14961 * minor styling changes to gaps, font-size and width * makes sure rotation is always higher than urgent rotation * use defer to make sure we always release session data * Enable custom picers on color color picker popovers (for y-axis support in legend picker) * feat: Use CustomScrollbar in explore #14752 * chore: Better comment * chore: Remove comment and unneeded export * fix: Enable -webkit-scrollbar related css when there's no overlay scrollbar #14807 * fixes broken test * Make series overrides color picker display correctly * removes unused/commented code * removes old cookie auth configuration * makes auth token rotation time configurable * Update story for NamedColorsPalette * Update imports of NamedColorsPalette * Restore missing styles * Fixed issue with color name retrieval not being aware of current theme * Fixed dashboard import issue after move * Moved add panel panel and renamed it to add panel widget * Fixed react key warning for loki start page * Moved row options to it's own component folder * Removed old query inspector (that was opened by clickin error in panel title) think the new query insector from Queries tab can replace this old one. * Moving files to better locations * Disable query should trigger refresh * added docs entry for check_for_updates config flag, fixes ##14940 * Loki query editor is starting to work, had to make changes to explore query field in order to update query from the outside without unmount between * store oauth login error messages in an encrypted cookie * Removed sass import of spectrum.scss * replaced palette colors with current palette adjusted for dark and light theme * Remove spectrum.js vendor dependency from grafana/ui * changed light-theme tool-tip to be a bit lighter, trying different paddings * Fix hide timeout for color picker * Rename colorsPalette util to namedColorsPalette * Make small swatches react to theme changes * redirect logged in users from /login to home * Explore: Fix scanning for logs * Update styles of selected named color swatch * restrict session usage to auth_proxy * Implement pointer component for spectrum palette sliders * minor updates * Make default color picker close on trigger mouse leave * Moved ad hoc filters and upload directive * Added deprecation warning to old color picker API props. Moved named color support handling to color popovers * changed color for label tooltips from blue/red-yellow gradient to black/white * Moved dashboard srv and snapshot ctrl * Moved share modal * Moved dashboard save modals to components folder * Moved unsaved changes service and modal * Removed unused alertingSrv * Moved view state srv to services * Moved timepicker to components * Moved submenu into components dir * Moved dashboard settings to components * Moved dashboard permissions into components dir * Moved history component, added start draft of frontend code style guide * fix: Use custom whitelist for XSS sanitizer to allow class and style attributes * Reduce padding in color picker popover * Began work on improving structure and organization of components under features/dashboard, #14062 * Fix a typo in changelog * Implemented new spectrum palette * Update ROADMAP.md * use resetfolder instead so it shows current folder * Updated home dashboard, removed home dashboard header * fixes nil ref in tests * add setting for how to long we should keep expired tokens * stores hashed state code in cookie * creates new config section for login settings * based on encodeURIComponent() using strict RFC 3986 sub-delims * fix: Dispatch the correct action (#14985) * passing middleware tests * Stories update for color picker * Make named colors optional in color picker, enable named colors in graph legend series picker * Storybsck - add actions addon * fixes:#14282 - Do not change folder for persisted dashboards * extract auth token interface and remove auth token from context * Fixed issues with the sanitizie input in text panels, added docs, renamed config option * build: removes arm32v6 docker image. * Updated version in package.json to 6.0.0-pre1 * build: armv6 docker image. * build: skips building rpm for armv6. * build: builds for armv6. * CustomScrollbar - expose underlying's react-custom-scrollbars API to allow scroll tracks config. * Explore: mini styling fix for angular query editors * Removed unused props & state in PromQueryField * chore: Remove logging and use the updated config param * chore: Reverse sanitize variable so it defaults to false * feat: wip: Sanitize user input on text panel * fix: Text panel should re-render when panel mode is changed #14922 * Minor rename of LogsProps and LogsState * Splitted up LogLabels into LogLabelStats and LogLabel * Make popover hide delay configurable to enable better UX * Stories - fix import * Enable new color picker in Gauge and Thresholds editor, use ThemeProvider instead of ContextSrv * Updated table tests to new behavior for colors (values are always rendered as hex/rgb) * Make named colors usable in angular code pt 1 * Story updates * Update grafana/ui exports * Refactor color picker to remove code duplicartion (introduced colorPickerFactory). Allow popver position update on content change * Fix lint * Updated stories * Rendering arrows for color picker, applying color changes to time series * Fix TS errors * Stories updates * Unified color picker API, allowed for color specified for theme selection, updated code to changes in PopperController API * Get rid of unused renderContent prop on PopperController * Enabled knobs for storybsck and implemented some stories * Lint fix * Render series color picker with correct theme * Added config provider to be able to access config easily from react components * Migrating color pickers to Popper from drop.js pt1 * Updates to Popper to be positions correctly within window * Move tooltip themes to Tooltip component making Popper/PopperController theme agnostic * WIP Basics of named color picker * Refactored out LogRow to a separate file * Removed strange edit * Added link to side menu header and fixed styling * Moved ValueMapping logic and tests to separate files * more auth token tests * Fixed data source selection in explore * Added refId to missing queries on panel model init * adds cleanup job for old session tokens * Fixed loading of default query editor * Changed null logic for range value mappings after PR comments * fix tests after renaming now * Added check for null value in ValueMappings and added tests * s/print/log * avoid calling now() multiple times * passing auth token tests * fixed trailing whitespace * handle expired tokens * fixed circleci script run path for gometalinter * Fixed circleci name for gometalinter exec step * moved script and added exit_if_fail * Moved gometalinter to a script instead of seperate commands in circleci file, removed megacheck and added staticcheck * set userToken on request when logging in * moves initWithToken to auth package * set cookie name from configuration * Added function hasAccessToExplore in ContextSrv and refactored tests * change rotate time * mixor fixes * dead code * fix ip address parsing of loopback address * removes commented code * moves rotation into auth since both happens before c.Next() * fix: Viewers can edit means that viewers have acces to Explore #14281 * Add loop counter for full refresh in playlist * decreased panel height in edit mode * toggle collapse when clicking on collapse state text * Query editor row style update & sass cleanup * Delete .all.ts at neomake_22624_74.ts * Further refinements of typings * more typings work around data query and data source * wip: progress on adding query types * wip: more typings * wip: typings * Revert "Specify expected encoding for access/secret key" * Moved add query button to the right * Updated removing notification channel by uid * Check that alert notification with id already exists in notification settings * change enabled to true * Fixed scrollbar issue where it jumped to the top * Added test case dashboard * fix: Hack for getting the same height in splitted view, view could use refactor IMHO #14853 * Minor refactoring and name changes * Fixed issue with explore angular query editor support introduced by recent angular query editor changes * Redid logic for fontcolor and thresholds in Gauge and added tests * Make sure we do not change -Infinity * Passed the theme to Gauge * Added tests for formatted value * Small refactor of Gauge and tests * Added typings and refactored valuemappings code * Moved Gauge to ui/components * Preparing move to ui/viz * Fixed getFontColor, added tests and fixed thresholds logic * Removed baseColor * add timeout test for alert handling. * remove maxage from session token * fix broken code * fix cannot set cookie when response is written * began work on react query editor props and integration * Added data source type to explore state * updated snapshot * renaming DataSource type to DataSourceSettings and moved to grafana ui * Fixed issue with team and user picker, fixes #14935 * Moved data source and data query types * Moved plugin types to @grafana/ui * log fix * inital code for rotate * wip: moved plugin exports * build: usage instruction for repo test. * build: comments * Minor fix scrollpos when duplicating * build: updates ci deploy. * build: fixes the path for gsutil and gcloud. * build: fixes permissions issue. * removed unused props from angular query component interface * Additional query editor row tweaks * Query editor row in react is working * shortening callback functions * Explore: Fix datasource selector being empty with single datasource * Scroll to top when visualization picker is opened * Made scrollbar have scrollTop and setScrollTop props so we can control scroll position * build: only build amd64 for enterprise. * azuremonitor: guard for when switching from monaco editor * azuremonitor: move files into grafana * Query editor row react progress, buttons working * build: test script for rpm repo. * chore: Replace the deprecated SFC with FC * chore: Wrap footer with React's memo hoc * chore: Reduce code duplication by letting the page component adding the header and taking care of the page title * mini stylefix to select component * cloudwatch.md - quick typo fix * removing Label and going with FormLabel * Use light theme in storybsck * Toggle edit mode works * login users based on token cookie * test: Update snapshots and mocks * build: deb repo update test usage instructions. * fix: Use Page component on "Api Keys" and "Preferences" under Configuration * build: uploads binaries before metadata in deb repo. * feat: Generate page titles from navModel * test: Updated snapshots * chore: Better way of getting the body node * chore: Reactify footer * fix: Add Pages component to Plugins and TeamList * fix: Configuration: Users should also use the Page component * feat: Possibility to change document title on pages using the Page component * fix: Add CustomScroller on DataSources page * fix: Proper types for linter * test: Snapshot update * fix: Fix import path after Scrollbar move to @grafana/ui * POC of page layout component * Added uid to AlertNotification json * Converted notification id to uid via fmt for old alert notification settings * Returned id for alert notifications which were created without uid * Formatted errors to err * Using func InitNotifier for verifying notification settings * Added uid for alert notifications * Renamed validation funcs for alert notification * Commented alert_notifications sample config * Instantiating notifiers from config before using * Added parameter org_name of alert notification to documentation * Added orgName parameter for alert_notifications * Added alert_notification configuration * redoing input props * another minor style change * More style tweaks to thresholds * fix: Manually trigger a change-event when autofill is used in webkit-browsers #12133 * move styling * renaming after pr feedback * minor style change * wip: testing new query editor row design * Removed snapshot * Refactored ValueMappings * Moved ValueMappings to grafana/ui/component and renamed it ValueMappingsEditor * Moved Label to grafana/ui/components * build: repo update testable and more robus. * Experimenting with generating doc for ui component * Move action properties to payload * Fixed small bug with entries outside the min max values * Fixed NaN issue when parsing * Remove BasicGaugeColor from state * Fixed so that we can not change base threshold * Fixed so added threshold colors are always unique * Fixed issue with changing value not changing index * Fixed styling for small screens * Reordered the input row * Fixed the circle * Fixed styling * Refactored logic in ThresholdEditor * File organization, action naming, comments * Fix reducer issues * Connect Explore child components to store * Update comments * Move types to types/explore * Save state in URL and fix tests * Allow multiple Explore items for split * WIP Explore redux migration * Fixed a bug with prefix and suffix not showing when using value mappings * fixing imports, minor fix on mapping row * test and minor fix on mapping row * updated snapshot * Added suffix interpolation * Scrollbar select fix * Remove duplicated import * Initial commit * changelog: adds note for #14795 * Move ColorPicker leftovers to @grafana/ui * inject login/logout hooks * begin user auth token implementation * utils * fix: It should be possible to scroll in the unit picker before selecting a value #14871 * fix go fmt * [Feature request] MySQL SSL CA in datasource connector https://github.com/grafana/grafana/issues/8570 * removes debug2 logging * removes error2 logger * WIP: good progress on react query editor support * Updates to latest checking. * 5.4.3 changelog * changelog: adds ntoe about closing #12864 * fix that alert context and result handle context do not use the same derived context. * docs: add a title to the Explore docs * stackdriver: converts some variables from any to types * FormGroup component and implements * Restored http settings directive that was hidden in an unused angular controller page * stackdriver: small fixes after reactifying * changelog * stackdriver: add help text for bucket alias * Prometheus: Fix annotation step calculation * stackdriver: fixes space before caret icon in query editor * Fixed Syntax for folder permission's JSON * avoid infinite loop in the dashboard provisioner * build: fixes release problems. * changelog: add notes about closing #5968 * wip: another wip commit * Moved panel editing components to it's own folder * removed old unused angular stuff, rename * wip: react query editors * Move panel width/height calculation to PanelChrome * Updated singlestat to use new value format function syntax and capitalized unit categories, fixes #12871 * build: build specific enterprise version when releasing. * Fixed Gauge being cropped when resizing panel * units: adds back velocity units. Fixes #14851 * Fix bug tls renegociation problem in Notification channel (webhook) #14800 * Fix Error 500 on unexisting /api/alert-notification/ * updated snapshot * Minor renames and other fixes * pushover: add support for attaching images (closes #10780) * panel option section moved to grafana-ui and new panel option grid component * Simplified folder structure in grafana-ui lib * Addedd assertions about raw time range when panel time overriden * Panel time override tests * add feedback to what interval is being used (calculated in the backend) * use typings for ds and template srv * value formats: another rename and updates code to use new valueFormats func * value formats: renamed folder * Reverted move of defaults for GaugePanelOptions * refactoring alias by * Move Select styles to grafana/ui * Moved defaultProps to ui/components * Moved the rest of Threshold dependencies to ui/components * Renamed Threshold files * Renamed Thresholds to ThresholdsEditor * Moved Thresholds and styles to grafana/ui/components * Removed default export for colors * Fixed typings * Small change in SeriesColorPickerPopoverProps * Moved colorpicker to ui/components * Fixing test and small refactor * Moving to grafana ui, fix issue with TestRuleResult * Fix panel time overrides not being applied fully * access scope directly from this. update tests * build: makes sure all builds use the latest container. * changelog: docker images for arm. * Renamed Select related components: Picker* to Select*, Option* to SelectOption* * build: removes curl install from build. * build: tags arm as well as amd64 as latest. * Docker image for ARM * Fixing TS and updating snapshot * make sure frequency cannot be zero * refactoring. fix broken test * Migrate Select components to @grafana/ui * provide angular directive scope props correctly * docker: enable flux in influxdb docker block * Moved Thresholds and styles to grafana/ui/components * Update README.md * 11503: escape measurement filter regex value * 4075: Interpolate tempvar on alias * rename * fixing unitpicker * removing tests * React graph panel options component rename * Minor refactor of Gauge panel * Revert "Docker image for ARM" * Revert "build: fixes docker push." * build: fixes docker push. * feat: Add brand as tooltip theme and use it on panel edit tabs #14271 * Docker image for ARM * fix broken test * chore: Remove ScrollBar component, superseded by CustomScrollbar * Update storybsck static files option to load statics correctly * unregister event listener correctly * Changes after PR comments * Removed unused refClassNameprops from Propper * Fixed a small bug when toggling items in toolbar * build: deploys enterprise to its own repo. * build: inline docs * build: publishes beta releases to separate repos. * refactoring * build: makes repo update enterprise compatible. * build: uses official deployment image. * build: adds aptly and createrepo to deploy tools. * build: handles unexpected cases. * build: only adds the correct packages to the repo. * build: rpm repo deploy. * build: repo update input error. * build: release of debs to our debian repo. * Added tests for TestRuleButton * Removed Test Rule button from Angular and view * Added TestRuleButton * Hint for user on when the repeat is applied * Removes unnecessary warnings from webpack output about missing exports * Use factors for max repeated panels per row * Fixing TS errors and updating snapshot * Move Portal to @grafana/ui * chore: Move sass code related to custom scrollbar into @grafana/ui #14759 * Post merge updates * chore: Move CustomScrollbar to @grafana/ui #14759 * changed light theme page background gradient * WIP * Max number of repeated panels per row * wip * Make tooltips persistent when hovered * docs: rpm/deb beta repo. * update snapshot * add form grow * fix: Clean up per PR feedback. Thanks @dprokop * removing duplicated things * minor code refactor * splitting into more files * Moved AlertTab and StateHistory to app/features/alerting * fix: When loki is default data source, datasource is passed as undefined to QueryOptions #14667 * remove redundant max-width. it's already declared in gf-form-select-box__menu-list * add typing for metric descriptor * Removed unused Popover component * Update components to fit updated PopperController API * make templateSrv a prop * Refactored withPoper HOC to PopperController using render prop * use correct event handler name convention. register directive on startup * fix: Remove the onRenderError prop and add an ErrorBoundary component * replace fragment with empty jsx tags * refactoring tests * ugly fix. will be removed later on * adds note for #13914 and #14581 * moved all units * fix: GraphPanel should be a PureComponent * fix more broken tests * feat: Display error when plot fail to render * wip: fix broken tests * adding more units and functions * Remove the jump effect on run query button * ugly temporary fix for scope issue. will be removed later on * refactoring * fix filter bug * fix: Light theme corner bg color update * set max width on the whole menu list instead * bind array instead of function * feat: Add "theme" to Tooltip * Notify user on query error * Revert "Revert "add max width to group header description"" * Revert "add max width to group header description" * remove not used property * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * updated scrollbar snapshot * remove not used files * Fixed new gometalinter issues * fix JSON in responses for Admin API documentation * 14722 - removing unnecessary arn check that breaks assume role feature in other AWS partitions * Fixed issue with cut legend in firefox & mobile devices, fixes #14744 and #14489 * Some cleanup * EqualFold() * forgot go fmt * pull connection string args from url instead * Add mean on distribution as well * docs: updated debian and centos repo. * Fix stackdriver aggregation series merge * first stuff * Updated documentation for new macros * Minor refactoring of EditorTabBody * Fixed timepicker css issue introduced by PR #14700 and remove hotfix from 297241c * AlertTab style fixes * Updated alert tab layout & markup * Changed datasource list page default layout mode * Fixed timepicker css issue introduced by PR #14700 * Added macros to mysql * FIxed syntaxis mistake unixEpochNanoFrom and unixEpochNanoTo * Added previous macros to mssql * Added unixEpochNanoTo and unixEpochNanoFrom macros to postgresql * Renamed unixEpochFilterNano to unixEpochNanoFilter * cleanup * add aggregation tests * add tests * Fix issue with value disappearing when selecting stat * Fixing issue with value color being wrong * initial design for way to build value formats lazily and a backward compatability layer via Proxy * fix template variable bug * Don't cut off subsecond precision for postgres macros * Nanosecond timestamp support postgresql * remove not used file * Fixed new gotmetalinter warning * add support for defining additonal database connection string args via extra_connection_string_args * clear history * cleanup. remove comments, not used files etc * state history tab * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * s/initialDatasourceId/initialDatasource/ * add alert in react instead of angular * Fixed issues with panel size in edit mode, fixes #14703 * hide protip if not defined * fix filter bug * add help text component * Tweak datetime picker layout for mobile * Explore: Remember last use datasource * Update yarn.lock * Logs data model: add more log levels * Review feedback * Explore: fix loading indicator z-index on panel container * Loki: change query row to be single field again * Explore: logging UI style fixes * Loki: query limit configurable in datasource * Removed rxjs compat * ldap: adds extra debug logging * reactify annotation query editor * adds orgId to user dto for provisioned dashboards * Update rxjs * closes the body properly on successful webhooks * makes cache mode configurable * Fix general tab typos * added node-sass as dev dependency, needed after I removed grunt-sass * Husky and sasslint fixes, fixes #14638 * Added a form component to @grafana/ui * created visualizations folder * Fixed JQuery typing issues * Typings issues * wip: moving react graph component to grafana/ui * Don't do a full frontend release build in test-frontend job, added typescheck (tsc noEmit) instead, fixes #14639 * Moved sass for component to @grafana/ui lib * Moving a couple of types to @grafana/ui * Testing moving out one type to grafana/ui * Increased margin between controls in logs panel, fixes #14637 * Fixed dashboard links not updating after variable or time range change, fixes #14493 * Fixed group button tooltip placement from auto to bottom, fixes #14634 * Removing erroneous backtick in docs * Updating docs for auth_proxy whitelist CIDR support * Add timestamp back to log entry type * Update public/app/plugins/datasource/loki/result_transformer.ts * Loki: fix timestamp field * Fixed panel height & scroll issue with flexbox in firefox, fixes #14620 * remove segment srv prop * use ds template srv reference * remove not used stuff * add event handler * add help component * Add support for InfluxDB's time zone clause (backend) * note to future me * delete works * grunt test task update * Add support for InfluxDB's time zone clause * @grafana/ui lib now contains one components, seperate lint & tsc steps * changelog: add notes about closing #14519 * Grafana ui lib is starting to work * typings and renamings * breaking up grafana into multiple packages poc * add project and help component * add alias by component * add alignment periods component * cleanup aggregation picker * move alignment population code to parent component. make alignment a stateless component instead. * flatten target obj * Grafana ui library poc * elasticsearch: support bucket script pipeline aggregations * Add units for blood sugar concentration ???? * on deselect when reducer is set to none * add alignment component * Fixes undefined issue with angular panels and editorTabs * changelog: adds note about closing #14562 * refactor aggregation picker * use render props pattern * Update field name * Add documentation * use template variable prop * cleanup * Rename the setting and add description * export init notifier func * render editor toolbar buttons * Increase recent and starred limit in search and home dashboard, closes #13950 * changelog: adds note about closing #14486 * Panel help view fixes * rewrite angular view * Add min/max height when resizing and replace debounce with throttle * changelog: adds note about closing #14546 * Adding tests for auth proxy CIDR support * fix only add column if not exists for mysql * changelog: adds note about closing #14109 * fix handling of indices with multiple columns (mysql) * fix only create/drop database indices if not exists/exists * fix signed in user for orgId=0 result should return active org id * Another take on resizing the panel, now using react-draggable * only update session in mysql database when required * Raise datasources number to 5000 * improve component performance * add max width to group header description * copy props to state to make it visible in the view * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * refactor to not crash when no links * updating snaps * renaming component * panel help working * snapshots: Close response body after error check * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * Update sample and default configs * Add OAuth provider flag to indicate if it's broken * Register BrokenAuthHeaderProviders if needed * Add units for Floating Point Operations per Second * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * Minor update * Make sure panel id is unique since some datasources (Graphite) will cancel ongoing requests with the same panel id * changelog: adds note about closing #14548 * Adding CIDR capability to auth_proxy whitelist * Minor cleanup now that angular panel edit is no longer * Gauge option form markup fixes * toolbaritems viztab * filter out table responses that don't have columns and rows * enable goto explore from query panel editor for all datasources * started with component for generic panel help * moves migrations to /sqlstore/migrations * adds integration tests to ci build * renames main lock function * clean up integration tests * change from db_text to nvarchar * adds server lock package * initial verison of server lock * Minor react graph panel refactorings and fixes * sorting tests for change value * Fixes issues with user and team picker * fixing coloring * upgrade to golang 1.11.4 * remove printed index * updating test * adding threshold * Refactoring react graph * updated dropdown typeahead to place down instead of up, works better when inside scrollable area * minor style tweak * propagate initial state back to explore query runner * Update gitlab.md * Update github.md * minor style fixes * Updated snapshot * Switched to react-select fork * ldap: upgrades go-ldap to v3 * table: fixes #14484. Renders epoch string if date column style * changelog: adds note for #14483 * Fix for no metrics panels, now goes to viz tab and does not show queries tab * minor style fix * minor change to table panel edit options * minor tweaks to text panel * Fixes and cleanup * Show predefined time ranges as first in timepicker on small screens * code cleanup in add panel, and switched off grid css transforms to fix z-index issuse * minor tweaks to alert tab * fixed name of alert tab * removed unnessary test * updated add panel a bit * minor style fix * updated snapshot * fixes to unit picker * updates on thresholds component * remove check on axis.used in flot #13765 * Added custom scrollbar to select component * removed a test that isn't neccessery any more * replaced content in addpanelpanel with three buttons that can create new panel, paste copied panel, and add a new row, to paste panel one must copy one first, code is still quite rough * fixed cloudwatch issue * select refactor fixes * gauge working without thresholds * changin colors * explore using data source picker * fixing issue with copy invite link * getting closer with no thresholds * renamed folder to select * User picker using common select componnet * wip: unifying select components * fixing input unit test failure * fixed issue with switching panels * refactored panel-option-section into react component * removed console log * updated styles * starting with threshold refactor * wip: convert angular directives to react components * wip: style change progress * Update latest.json * wip: styles are starting to come together * wip: styles * wip: testing new styles * wip: style changes * fixed ordering changing panel types, fixes issues with loading panel options * moving min/max to gauge options * log error when resolvePath * wip: minor style changes * wip: changes * break out metric picker and filter * migration: renames logging ds to loki ds in data_source table * loki: updates the logo * fixing tests * mixing color when * wip * wip * remove on metric type change * things are working * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * changelog: add notes about closing #8843 #11175 * fixed unit tests * update failing tests * remove redundant default value * wip * wip * redone state * display value map or range map * add oauth_auto_login setting to defaults file * use new option group in aggregation directive * wip * remove redundant default value * Adding mixed query * Check with lowercase * wip metrics tab changes * changelog: adds note about closing #13754 * wip: making things work again * React-select refactorings * wip: add option group component * wip: add basic option header * wip: react select css refactoring * docs: fix broken link on explore page * wip * changing type and started on Gauge * fix threshold test * Adding label * styling on dropdowns * Using drop down instead * Filter tags select box on text input #14437 * fixed id bug * Using an id to identify mappings * Change KeyboardNavigation from hoc to render prop component * Clean up hoc and extend component props automatically * Let VizTypePicker use the keyboard navigation hoc * Moved more metrics tab to react * Wrap react select component in angular directive * Don't show heading for first tab * snapshots: Add support for deleting external snapshots * docs: explore * snapshots: Move external snapshot creation to backend * snapshots: Add external_delete_url column * Add keyboard navigation to datasource picker via a hoc. * Use react's onKeyDown event on the input instead of event listener on document * Explore: Improved line parsing for logging * fixed typings and remove * updated publish script * Unmount component when fading out to reset its state, such as search.. * Variable rename. Did not make sense at all. * Fix styling for vizPicker keyboard nav and change so only arrow up/down is OK to use * fixed styling * Start adding keyboard navigation to VizPicker * use links instead of bridge network * fix time regions bugs * fixed issue with colorpicker position above window, fixes #14412 * fixed issue with singlestat and repeated scopedVars, was only working for time series data sources, and only if there was any series, now scoped vars is always set, fixes #14367 * fix search tag issues, fixes #14391 * Clear query models when changing data source type, fixes #14394 * fixed issue with grid responsive mode * fixed max height issue not being respected by react select dropdown * removed side menu for column styles, added small header to column styles with a border * Use correct variable name in fail text * Fix search field styles * Enable search also after editing * Explore: Split logging query into selector and search * Fix logs panel meta wrap * Explore: dont pass all rows to all rows, fixes profiler * Explore: Logging dedup tooltips * Explore: Hide scanning again after result was found * Explore: Fix timepicker inputs for absolute dates * Switch to global match for full browser support of escaped custom vars * Allow backslash escaping in custom variables * Fixed issue with logs graph and stacking * align yellow collor with graph in logs table * minor style change * Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate. Pull request #14399 * logs style polish * allow sidemenu sections without children still have a hover menu/header * explore logs options styling * transparent toggle style and new button group style * Toggle buttons * render a value mapping row * removed side menu from display options, kept overrides in display options, moved thresholds and time regions to its own section in visualization * changelog: adds note about closing #11221 * removes unused code * fixes merge error * remove result format. might add this later * filter out build in datasources. add unit test * click on dashboard title moves you back to dashboard instead of search * graphInterval needs to update after query execution, fixes #14364 * Explore: Parse initial dates * Aligned styling of stats popover/box with rest of grafana & minor css refactoring * Remove Explore > "New tab" from sidebar * initialize empty variables array in constructor so that datasources can use the array in explore * Prometheus: Make result transformer more robust for empty responses * add table support flag in influx config * add scoped vars to query options * Rebase fixes * Explore: Logging line parsing and field stats * fixed unit tests * made unknown color theme aware and sync with graph color, some minor cleanup * initial stuff * Explore: improve error handling * use render props instead of cloneElement * sort of a hacky way to figure if the small variation should be used for the label * add basic button group component, using the the same label style as is * Restore PluginEditCtrl accidently removed * explore logs styling * wip: alternative level styling & hover effect * wip: explore logs styling * more detailed error message for loki * If user login equals user email, only show the email once #14341 * UserPicker and TeamPicker should use min-width instead of fixed widths to avoid overflowing form buttons. #14341 * wip: explore logs styling * restoring monospace & making sure width are correct when hiding columns * fixed logs to time series calculation issue, increased bucket size, fixes #14248 * Always open panel links in new window if user asked for it #14333 * Changing from PureComponent to Component to re-render on link updates made in Angular #14333 * minor tweaks, now table renders faster and changes less on second stage rendering * explore logs css refactoring, step1 * explore logs styling poc, WIP * Fix transparent option #14333 * Add prop key to panelPropsString to avoid a bug when changing another value and the render doesnt trigger * loki: adds proper error handling for config page * renames Grafana Logging ds to Loki * Pass some panel props down as strings to trigger render #14333 * Trigger panel.render on title, description, links change #14333 * Put issue number to test code * Fix bug what updating user quota doesn't work * Fix bug what updating org quota doesn't work * public/app/plugins/*: Fix some misspell issues * public/sass/*: Fix misspell issue * public/app/features/*: Fix some misspell issues * public/app/core/*: Fix some misspell issues * README.md: Fix small typo * fix snapshots * Added isDefault switch on settings * fix to switch component * Rename BodyPortal to Portal and accept prop "root" which is where the portal should be placed * Create a portal and use it with our popper component (tooltip and popover) to avoid potential overflow-/zindex-bugs * add icon * explore data source selector fix * Update css to use the border-radius variable and add a new variable for the popper's distance to its ref * Update README.md * fix for panel-initialized event not being called * refactored and added tests for panel model remember properties * redact value for plugin proxy routes * pkg/*: Fix misspell issues * fix for panel embedding. Solo panel height was not correctly set. Made panel--solo into panel-solo class. in develop branch we have remove the need for the panel class * added support for influxdb cumulative_sum function in tsdb * Use buildTableConstraint instead of buildSchemaConstraint to find the datatype of a column if using a table from a different database schema * Readme: We should write Node.js the same way in all places in the readme * Small tooltip css-adjustments and add css for position "bottom-start" used by the panel header corner * Explore: Display duplicate row count as number * Adapt styles * Explore: Logging query live preview of matches * added max-widths to explore start pages boxes * Alert tab fails when datasource method targetContainsTemplate doesnt exist #14274 * improve comments * fixed promql and loggging syntax so all punctuation chars are treated the same, remove hover move * remove all query empty related code. root cause of the problem was to fix hasNonEmptyQuery * Let the cached props from previous visualization be the masters, unless specified in keepLatestProps const * POC on how to save away settings from a viztype and restore when switching back to it #14274 * remove redudant spread * Set query empty condition in render function. Also clear query transactions when no valid query is present * Remove query empty from model * fixed logging start page * Use popover styles for stats popover * Fine tune stats styles * Tests for label stats calculation * Explore: Logging label stats * stop scanning when clear all button is clicked * build: update latest when pushing docker. * Use origin meta * only display scan button if there is at least one existing selector that returned an empty result * minor refactoring * Explore: return to grid layout for logs table * Add VizPicker search #14274 * changelog: add notes about closing #11067 * fixed grabage in markup * fix: align input backgrounds for code editors * fixedUnit for Flow:l/min and mL/min * feat: #11067 prevent removing last grafana admin permissions * another style fix for broken dark theme word highlight * fix time regions using zero hours * Misc styling fixes to explore: start page, slate code editor colors, text highlight in auto completeter suggestion * Revert commit * only make it possible to scan for older logs if there is at least one non failing selector * update package.json to next version * Stick to .tsx? for babel file test * changelog: add notes about closing #13815 * changelog: add notes about closing #14246 * arrow function * changelog: add notes about closing #12653 * fix for add/remove labels * Hid "Forgot your password" link from login menu when reset is disabled * Prevent password reset when login form is disabled or either LDAP or Auth Proxy is enabled * fix for initial options * minor css fixes * update changelog * update latest.json to latest stable version * new stable docs version * minor css fix * redid props for gauge options * dataproxy: Override incoming Authorization header * changelog: add notes about closing #14228 * Explore: Show logging errors from backend * change obj order when merging so that correct format is being used * Explore: Fix logging query parser for regex with quantifiers * Update README.md * Fixed typo in function name * Explore: Fix label and history suggestions * tidy import * let each sql datasource handle timeFrom and timeTo macros * style changes for panel placeholder (move and resize) effect * never load fallback query field. remove commented code * add an error alert component that will be displayed when there was an error loading ds in explore * fix: minor style changes, removed hover scale increase * react-panel: Add nullcheck to prevent error on datasources without meta options * react-panel: Options button should always be enabled now when Time Range-options are there * react-panel: Move time range options to its own component and render it under the options button instead * created color enum * make sure target obj is not destructured so that angular copy of objected can be mutated * Review feedback * react-panel: Add test for Input with validation on blur * react-panel: Input validation should be optional * react-panel: Clean up input validation and increase code readability * react-panel: Time range options moved to "Queries" tab * react-panel: Remove mock response button for now * react-panel: Remove comments and improve readability in render() * react-panel: Use correct type for children prop to avoid the use of fragments <> * react-panel: Remove json-formatter-js since we will continue with the "patched" version * react-panel: Move all query inspector logic into QueryInspector component and start with the "Mock response" * react-panel: Toggle Expand/Collapse json nodes in Query Inspector * react-panel: Add CopyToClipboard-component and separate QueryInspector to its own component from QueriesTab * react-panel: Trigger panel refresh when opening inspector. Add loading-message * react-panel: Replace JSONFormatter npm package with the current monkey patched JsonExplorer * react-panel: Clean up the JSONFormatter and make sure it updates both on mount and when props update * react-panel: Get real datasource query for query inspector * react-panel: Create component for JSON formatting and use it on query inspector * changelog: add notes about closing #14167 * make getAll return array instead of object * remove obsolete test * Update README.md * Add AWS/CodeBuild namespace for CloudWatch datasource * Fixed styling issues with new checkbox style * Fix other misspell issues * docs/*: Fix misspell issues * CHANGELOG.md: Fix misspell issues * Explore: Logging render performance * remove log * min and max value * update gauge on remove threshold * user added thresholds state * console logs and code layout * pass data correctly to event handler * revert Label change * update color on gauge when changing * remove explore check - make it possible to load all datasources * add table support flag for stackdriver * add table support flag for prometheus * add table support flag for postgres * add table support flag for opentsdb * add table support flag for mysql * add table support flag for mssql * add table support flag for logging * add table support flag for graphite * added google_tag_manager_id from defaults.ini * removed extra whitespace * Update export_import.md * added new icons, fixed so different icons in different themes, added animation to hover on icons, styled choose visualization and datasource for both themes, made som styling adjustments to whole panel editor * sorting tests * remove border * color indicator * add new flag in order to be able to indicate whether the datasource has native support for tables * prevent explore from crashing when table is not present in response * Explore: Logging label filtering * Logging: fix query parsing for selectors with multiple labels * using percentage to not hide search when smaller screen * build: explaining the linux build. * check for null with toLocalString (#14208) * Fix elastic ng-inject (build issue) (#14195) * add current editor to panel targets * Added stop scan button * Explore: Scan for older logs * color picker * remove time srv initialization * restructure imports * get intervals from explore function * unregister all query editor event listeners * remove comments * temp remove until stackdriver implements explore * sort on value * use default range from time picker * Requested Backend changes, removed link in popover description for the offset field * Remove confusing <> from variable intro * includes ranges correctly in the options object * docker: Upgrades base packages in the images. * small fixes * logic for adding rows, styling * chore: correct pause-all-alerts auth in docs * Requested Backend changes, added details to popover description for the offset field * Explore: Fix JS error when switching between 2 prometheus datasources * color touches * Add support for Offset in elasticsearch datasource, date_histogram aggregation, fixes grafana #12653 * Fix tests to account for sortText * build: always test publisher. * build: packages linked to dl.grafana.com. * Fix tests to account for loglevel long names * Explore: Filter logs by log level * styling * created test for some functions * update changelog * mock interval data * fix handle of elasticsearch 6.0+ version * rename variable * hide row specific buttons when query editor is rendered from explore * add support for explore events * minor style fix * minor fixes * docs: various fixes of what's new in v5.4 * use plugin_loader directly instead of using the wrapper * docs: fix old ldap url redirect * fixed issue with babel plugin proposal class properties that initiated properties to void 0. This breaks angularjs preAssignBinding which applies bindings to this before constructor is called. Fixed by using fork of babel plugin. * Explore: make query field suggestions more robust * Fix abbreviations of Litre/min and milliLitre/min (#14114) * Sort Prometheus range suggestions by length * docs: what's new in v5.4 * Explore: swtiching to logging should keep prometheus labels in case of error * tweaks to gf-inline-form style PR #14154 change * adding back button * styling tweaks * initial commit * docs: signout_redirect_url description in auth overview * minor style changes * Sticky footer for all pages * edit mode styling * edit mode styling * edit mode styling * Added comments * style tweaks * render and sort * return actual error if failing to update alert data * Fix issue with deleting a query (empty string not updating) * Fix history rendering for DataQuery * margin when listing multiple gf-form should be right * styling progress * Fix a typo * panel edit ux experiments * changelog: add notes about closing #14150 * temporary fix for starting grafana not running systemd * cloudwatch: handle invalid time ranges * cloudwatch: recover/handle panics when executing queries * Combine query functions * Renamed targets to queries * added icons for panel-edit side menu * updates time range options for alert queries * format: remove and align tabs * updating state * Explore: Introduce DataQuery interface for query handling * Fix set utilities for explore section * typos in docs/sources/alerting/rules.md * typos in docs/sources/alerting/rules.md * fixed failing graph tests * gfdev: fixes unparseable for duration * fixed issue with new legend not checking if panel.legend.show * gfdev: adds alert always in pending state * docs: adds example timeline for alerting for * build: docker build for ge. * react-panel: Avoid duplicate keys * added alert tab to new react panel editor * update path to alerting for image * started on thresholds * react-panel: Add data source "options". Needs UX, WIP. * update release publish script links * fixes to view mode for panels, can now go back as before * Add visibility toggle for explore graph series * what's new in v5.4 placeholder * fix label and default threshold * react-panel: Add data source "help" * fix for issue with error view in production builds * changelog: adds note for #13561 * update changelog * stackdriver: remove not used variable * fixed menu to go to panel view mode * stackdriver: use angular dropdown so that we can restrict user input * stackdriver: make sure object type queries are also checked for vtemplate variables * minor style update * changelog: adds note about closing #13577 * adds basic auth configuration to default.ini * added header section to legacy tabs * stackdriver: reset defaults.ini * changelog: add notes about closing #14120 * changelog: add notes about closing #14129 * switch slider changes * linters. * build: correct filters for ge build artifacts. * build: releaser supports releasing only some artifacts. * Revert "docs: building Grafana on arm." * Add doc for api "GET /api/users/:id/teams" * Re-organize packages and add basic auth test * Revert "Update google analytics code to submit full URL not just path" * Add Cloudwatch/CloudHSM Metrics and dimensionMaps * remove react warning * added chekbox and other tweaks * refactor options, show labels and markers * docs: building Grafana on arm. * stackdriver: add query keyword to service, metric and project since these were the only fields in the editor that was missing it in the whole editor * Explore: POC dedup logging rows * stackdriver: add query keyword style to query fields * stackdriver: fix failing test * stackdriver: reimplementing service variable query type * Revert "typo fix" * typo fix * prefix and suffix * decimals * update snapshot * stackdriver: fix failing tests * changelog: add notes about closing #13352 * changelog: add notes about closing #13810 * changelog: add notes about closing #13605 * changelog: add notes about closing #13876 * changelog: add notes about closing #13946 * changelog: add notes about closing #13555 * changelog: add notes about closing #13425 * changelog: add notes about closing #13655 * stackdriver: update docs * stackdriver: add support for template variables * react-panel: Finish the data source search on query tab and start moving switch-data-source-logic from angular * linter. * fixed issue switching back from mixed data source, introduced by react panels changes * build: minor refactor. * build: fixes a bug where nightly rpm builds would be handled as stable. * some touch ups on unit * go meta lint errors * update changelog * builds: introduces enum for relase type. * fix group sync cta link * picker and functionaliy * fixed issue with panel size when going into edit mode * stackdriver: join resource and metric labels. split them in values and keys * changelog: add notes about closing #13924 * build: table-driven tests for publisher. * fix id returned from google is a string * changelog: adds note about closing #7886 & #6202 * changelog: adds note about closing #11893 * Fix param * Add GET /api/users/:id/teams for orgAdmin * Tooltip should be able to take up space when used on an absolute positioned element * minor fixes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix selected home dashboard should show as selected even though its not starred * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * panel-header: Make it possible to style the reference element and fix so panel description looks good * filter out alpha plugins in api call, fixes #14030 * panel-header: Simplify condition * panel-header: Avoid undefined classNames and use the real panel description * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * panel-header: Display description in modal * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * changelog: adds note about closing #14043 * fixed issue with save. * fixed mutability issue in dashboard dropdowns * Explore: Fix table pagination styles * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * fix switching from es raw document metric breaks query editor * alerting: reduce the length of range queries * Mitigate XSS vulnerabilities in Singlestat panel * Retain decimal precision when exporting CSV * Added Id to BasicUserInfo returns * Added google oauth account id * switch style tweaks * Explore: collapsible result panels * removing test page * format value * default value * created classes for new checkbox and variables * Prometheus: fix rules expansion * handle default value * various fixes to angular loading * Explore: POC for datasource query importers * build: enabled darwin build. * expand groups when searching * build: darwin compatible build env. * maxHeight and style overrides * moved slider into label to make it clickable, styled slider in dark and light theme, created variables for slider * fix: dont setViewMode when nothing has changed * fix redirect issue, caused by timing of events between angular location change and redux state changes * fix datasource testing * panel options now load even when changing type * fixed issues when changing type, need to remove event listeners and cleanup props * build: refactoring. * React edit mode for angular panels progress * minor fixes * fixed order of time range tab * Update ReadMe. * Update google analytics code to submit full URL not just path * devenv: elasticsearch datasources and dashboards * fix pipeline aggregations on doc count * changelog: add notes about closing #5930 * fixed alert tab order and fixed some console logging issues * Add tooltip * some progress on groups and options * changed time region color modes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix pending alert annotation tooltip icon * alert rule have to be pending before alerting is for is specified * fix selected home dashboard should show as selected even though its not starred * build: internal metrics for packaging. * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * alerting: improve annotations for pending state * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * stackdriver: revert project test stuff * stackdriver: revert test code * panel-header: Make it possible to style the reference element and fix so panel description looks good * adds pending filter for alert list page * adds pending state to alert list panel * alertmanager: adds tests for should notify * Extracted language provider variables for readibility * devenv: graph time regions test dashboard * fix time regions mutable bug * set default color mode * filter out alpha plugins in api call, fixes #14030 * alerting: support `for` on execution errors and notdata * poc: handling panel edit mode in react even for angular panels poc * panel-header: Simplify condition * wip: minor update * minor fix * css update to switch slider * tests for supporting for with all alerting scenarios * should not notify when going from unknown to pending * Fix formatting and remove enabled toggle * panel-header: Avoid undefined classNames and use the real panel description * wip: switch slider test * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * Add basic authentication support to metrics endpoint * panel-header: Display description in modal * minor panel options type fix * docs: description about graph panel time regions feature * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * wip: adding general tab for react panel edit mode * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * devenv: graph time regions test dashboard * create time regions solely based on utc time * started on options and groups * fix: added events to MetricsTabCtrl to closer mimic MetricsPanelCtrl * minor css change * Moved query manipulations from metrics controller to metrics tab so they are more easily shared between angular and react panels * fixed panel focus for react panels * minor changes to react panels * changed how size is calcualted and propagated and added proper interval calc to DataPanel * changelog: adds note about closing #14043 * first stuff * pkg/cmd/grafana-server/server.go: Check sendSystemdNotification return value. * pkg/cmd/grafana-server/server.go: check serviceGraph.Provide() errors * pkg/cmd/grafana-server/main.go: Fix error value not checked * wip panel size handling * fixed issue with save. * fixed mutability issue in dashboard dropdowns * adced clickoutside wrapper * fixed singlestat guage ceneterd dot rendering issue * refactoring back the interval calculation, needs to be different for react panels * fix case where timeshift and time override is used * wip: refactoring interval and time override handling * updates latest to 5.3.4 * changelod: add release date for 5.3.3 and 5.3.4 * devenv: graph time regions test dashboard * graph: Time region support * Explore: Fix table pagination styles * devenv: update alerting with testdata dashboard * stackdriver: use arrow functions * stackdriver: use new naming convention for query editor all over * adds redis devenv block * restore user profile preferences * changelog: add notes about closing #13328 #13949 * updates macaron session package * minor react panels refafactor * removed console.log * some cleanup of unused stuff and type fixes * completed work on panel not found view * Clarify wording of playlist protip * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * Explore: Don't suggest term items when text follows * wip: panel plugin not found * fixed scrollbar autohide prop * wip: panel-header: On panel refresh, get new timeRange from timeSrv, not the old one from the state * wip: panel-header: Avoid null returning to get better code readability. High five @ peterholmberg * wip: panel-header: Remove the TimeData type * wip: panel-header: Add proper typings to maxDataPoints and interval + remove code in comment * wip: panel-header: Move getResolution and calculateInterval into utils-functions and use the same code from react and angular * wip: panel-header: Start implementing the applyPanelTimeOverrides in the react panels by moving it to a util, make it pure and call it from angular and react. * import changes * updated text styling when switching views * Add `gofmt -s` to CircleCI * minor fixes based on code review * Fix gofmt issues * Add pic into actionCard message * minor style fixes & polish * minor update * disable custom webkit scrollbar styles * refactoring & cleaning up css * Minor progress on edit mode * improve dropdown pane connetion to tab toolbar * Add megacheck to gometalinter CircleCI target * pkg/tsdb/influxdb/influxdb.go: Fix surrounding loop is unconditionally terminated. * scripts/build/release_publisher/publisher_test.go: Fix trivial megacheck warning. * draw gauge * data source picker demo state * stackdriver: remove service query tyhpe * stackdriver: correct aligner name * fix in to not render multiple labels * stackdriver: typescriptifying props * stackdriver: remove redundant try catch * Update stackdriver.md * Adjust UI depth of query statistics * stackdriver: rename query function * stackdriver: rename query variable * stackdriver: remove debug log * stackdriver: add documentation for the template query editor * stackdriver: test saved variable * stackdriver: fix failing tests * stackdriver: remove services query type * stackdriver: update tests * stackdriver: add tests for render snapshop and default query type * stackdriver: remove lodash since object assign will do the trick * stackdriver: make sure we don't crash when selected service doesnt have a value * stackdriver: add simple render test * stackdriver: rename params * stackdriver: remove not used prop * stackdriver: persist template variable definition * stackdriver: add default value for query type * stackdriver: pass query definition from react, making it possible to use another definition than the query string only * stackdriver: make it possible to use alignment period template variable * stackdriver: make it possible to use aligner template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use metric type template variable * stackdriver: set currentdatasource when editview is enabled * stackdriver: return correct value * stackdriver: reset query value on datasource changed * stackdriver: fix default value bug * stackdriver: extend label width * stackdriver: revert refactoring * stackdriver: extract variables for pickers * stackdriver: cleanup * stackriver: rename interface * stackriver: use type for state * stackdriver: rename state vars * stackdriver: extract common function * stackdriver: streamline the way labels are refreshed when a new value is picked in the dropdowns above * stackdriver: handle default state * stackdriver: refactor dropdown component * stackdriver: replace components with basic stateless select * stackdriver: remove not used func. wrap query in exception * stackdriver: reload all child dropdown and update selected accordingly * stackdriver: improve default state handling * stackdriver: use standard naming convention for selects * stackdriver: streamline label change * stackdriver: refactor TemplateQueryComponent * stackdriver: use enum for query type * stackdriver: add aggregation query * stackdriver: add alignment periods * stackdriver: add aligner query * stackdriver: add resource types query * stackdriver: add support for resource label queries * stackdriver: return friendly display name * stackdriver: add metric labels query * stackdriver: move response parsing to datasource file * stackdriver: return values for services and metric types * stackdriver: rename default component * stackdriver: more renaming * stackdriver: refactoring - rename react components and file structure changes * stackdriver: remove not used code * stackdriver: add selector components for service and metric type * stackdriver: refactor stackdriver query ctrl * stackdriver: make sure default template query editor state is propagted to parent angular scope * stackdriver: conditional template component rendering * stackdriver: add react component for template query editor * stackdriver: make it possible to load react plugin components from template query page * stackdriver: add basic directive for loading react plugin components * Preserve suffix text when applying function suggestion * wip: progress on edit mode ux with tabs * can render something * don't drop the value when it equals to None * changelog: adds note about closing #13993 * Remove Origin and Referer headers while proxying requests * Refactored log stream merging, added types, tests, comments * docs: improve helper test for `For` * alerting: adds docs about the for setting * panel-edit-ux-tabs on top alternative * Add new option to set where to open the message url * added loading state * Fixes #13993 - adds more options for Slack notifications * fix switching from es raw document metric breaks query editor * add auth.proxy headers to sample.ini * add auth.proxy headers to default.ini * refactored how testing state was handled, using redux for this felt way to require way to much code * adds debounce duration for alert dashboards in ha_test * fixed issue with reducer sharing url query instance with angular router * fixed exporter bug missing adding requires for datasources only used via data source variable, fixes #13891 * minor text change in export modal * build: removes unused. * clear test box if success * Fixed issues introduced by changing to PureComponent * Added testing state in reducer * further refactoring of #13984 * minor fix * refactorings and some clean-up / removal of things not used * Update docs/sources/permissions/dashboard_folder_permissions.md * Fix typo in docs/sources/reference/scripting.md * experimental option boxes * ux: changed panel selection ux * move enterprise down in menu * wip: panel-header: Fix shareModal compatibility with react and angular * wip: panel-header: Remove custom menu items from panels completely * wip: panel-header: Reverted a lot of code to pause the "custom menu options" for now * wip: panel-header: More merge conflicts during cherry pick * wip: panel-header: More merge conflicts during cherry pick * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/dashboard_folder_permissions.md * Update docs/sources/http_api/datasource_permissions.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * minor change * wip: panel-header: More merge conflicts * Fix loglevel tests for Explore loggging * wip: panel-header: Merge conflicts * wip: panel-header: Fragment not needed anymore * wip: panel-header: Add possibility to add custom actions to the menu by passing them in as props * wip: panel-header: Separate all panel actions to its own file so we decouple them from react * wip: panel-header: Start implementing the Toggle legend, but its not taken all the way * wip: panel-header: Change DashboardPanel to a PureComponent to avoid unwanted rerenders * wip: panel-header: Refactor so "Share" use the same code in angular+react * wip: panel-header: Add "Edit JSON" functionality + make sure everyone using the json editor pass in the model property instead of the scope property when triggering the json modal * wip: panel-header: Add "Copy" functionality * wip: panel-header: Add "Duplicate" * wip: Add "Share" to the react panels * wip: panel-header: Move code existing in both angular+react to utility functions * wip: panel-header: Remove panel * Mobx is now Redux * wip: Initial commit for PanelHeaderMenu * changelog: add notes about closing #13903 * changelog: add notes about closing #13932 * unify log level colors between rows and graph * Graph log entries by log level * fix selecting datasource using enter key * Adaptive bar widths for log graph * changelog: add notes about closing #13970 * build: fixes * build: publisher handles nightly builds. * rename and mark functions as private * drag handle css * moved drag handle * fixed options * Time selection via graph * minor code style change * basic panel options working * Adding Cloudwatch AWS/Connect metrics and dimensions * wip: react panel options architecture * export: provide more help regarding export format * build: minor publisher fixes. * extract store from configurestore * added actions * build: publishes grafana enterprise to grafana.com * changelog: adds note about closing #13322 * build: publisher uses local time. * build: publisher supports both local and remote. * build: publisher can find artifacts from local sources. * build: refactor releaser. * build: prepares release tool for finding local releases. * build: improved release publisher dry-run. * build: use build workflow id instead of build number. (#13965) * alerting: delete alerts when parent folder is deleted * refactor dashboard alert extractor * for: use 0m as default for existing alerts and 5m for new * panel options wip * Exposing digest from angular component * adds tests for extracting for property * minor fix * changelog: add notes about closing #13606 * devenv: table panel links * renames `debouceduration` to `for` * introduce state `unknown` for rules that have not been evaluated yet * fixes go meta lint issue * wire up debounce setting in the ui * adds db migration for debounce_duration * introduces hard coded deboucing for alerting * always execute the user teams query * handle error before populating cache * build: fixes gcp push path. * alerting: adds tests for the median reducer * add minimal permission * typo fix for "has" * Gitlab -> GitLab * changelog: adds note about closing #13945 * Add tests covering alternate syntax for aggregation contexts * Handle suggestions for alternate syntax aggregation contexts * fix terms agg order deprecation warning on es 6+ * fix failing tests * removed file I added accidentally * fixed to template PR issues, #13938 * alerting: increase default duration for queries * Explore: Logging graph overview and view options * Load hash based styles in error.html, too * Add [hash] to filename of grafana.{light,dark}.css * minor tweak to back to dashboard buttons * Fix minor JSON typo in HTTP API docs * remove replaced components * reverting babel change * remove this * removed these unused components * reverting script change * updated snap * tests * minor doc tweaks * updated enterprise page * Added new backend setting for license file * updating state and save * make permission sub items in sidemenu cleaner * changelog: add notes about closing #13925 * Explore: fix metric selector for additional rows * fix for responsive rule for footer * Updated login page logo & wordmark and responsive behavior * added new workmarks * fixed react whitespace warning on teams page * renamed org files to match new naming guide * moved profile pages to it's own feature folder * moved new teams page * reload page after preferences update * Add delta window function to postgres query builder * Increase Telegram captions length limit. * docs: enhanced ldap * Explore: async starts of language provider * listen for changes in angular land and propagate that back to react * docs: fix datasource permissions keywords * build: grafana enterprise docker image. * added caching of signed in user DB calls * added actions * IE11 fix for legend tables below graph * cleaned up render * renders angular component * updated api keys snapshot * restored transition * removed logging call * add table column date format * fixed memory leaks and minor refactoring * build: gpc credentials added to deploy. * changelog: add notes about closing #13762 * update changelog * build: deploys to gcp. * build: deploys to gcp. (#13911) * datasource permission http api * restructure administration/permissions page into a section with sub pages * Fix TimePicker test by enforcing UTC on date string * updated view to use angular loader * Explore: repair logging after code restructuring * docs: schema -> database * build: deployment ci container. (#13902) * docs: mysql * minor progress * Make Explore plugin exports explicit * add functionality to override service in registry * moved state * register datasource cache service with proper name * revert application lifecycle event support * changelog: adds note about closing #13876 * Add new build info metrics that contains more info (#13876) * JS tooling: run TS grunt tasks only when files changed * revert file name change * remove unused code * log error on datasource access denied * include teams on signed in user * application lifecycle event support * refactor datasource caching * Fix cell coloring * Fix bug with background color in table cell with link * add dashnav responsive rule to hide tv button on smaller screens * Implement oauth_auto_login setting * Explore: fix copy/paste on table cells * rename type * using label component * Pluggable components from datasource plugins * fixed type * removed angular code * test and some refactoring * build: adds branch info to binary build * now that css is loaded sync again I can remove some styles from index html body css * WIP babel 7 * Revert to sync loading of css, sometimes js loaded before css which caused issues * Update grafana_stats.json * Makefile: dependency-driven target to build node_modules * removes old invalid release guide * added missing alpha state prop to graph2 panel * minor update * added switch form component * updated graph tests dashboard * fixed width of panel edit mode * Fix query hint tests after refactor * Fixing issue 13855 * Add tests to cover PlaceholdersBuffer and sum hint * Add sum aggregation query suggestion * fixes to angular panel edit mode * Reduce re-renderings when changing view modes * updated singlestat logo * more ux progress * Add tests to cover aggregation context cases * Fix label suggestions for multi-line aggregation queries * panel edit mode changes * Update snapshots. * Use jest.fn instead of string. * Explore: error handling and time fixes * ux experiments * build: builds grafana docker for enterprise at release. * Add code to flot that plots any datapoints which to not have neighbors as 0.5 radius points - fixes https://github.com/grafana/grafana/issues/13605 * adding default value and update actions * build: ge build fix. * build: grafana enterprise docker. (#13839) * moved state to redux, renamed entities * testing panel edit ux idea * changelog: add notes about closing #13769 * add test * cache region result * use default region to call DescribeRegions * fix: updated backend srv to use appEvents and removed parts of alertsSrv * simple select * build: correctly adds enterprise to the filename. (#13831) * docs: improve ES provisioning examples * changelog: adds note about closing #13723 * stackdriver: don't set project name in query response since default project is now loaded in its own query * Optimize the Dingding match values format * Add Dingding message type to support mass text notification * graph legend: fix table padding * Moved prom language features to datasource language provider * Split text template into variable * Add match values into Dingding notification message * graph legend: fix phantomjs rendering when legend is on the right * fix for annotation promise clearing, bug introduced last week when merging react panels step1 * fix panel solo size * mysql: fix timeFilter macro should respect local time zone * load preferences * support template variable in stat field * only look in current database in findMetricTable * graph legend: fix table alignment * fix dingding doc error * fixed routes and page * graph legend: minor refactor * Added types to query rows * update latest.json to latest stable version * changelog: update * cleaned up the flow * changelog: add notes about closing #13280 * delete provisioning meta data when deleting folder * Update the regex-matching in templateSrv to work with the new variable-syntax and be more flexible to regex-changes #13804 * changelog: add notes about closing #13600 * changelog: update * Move the variable regex to constants to make sure we use the same reg??? (#13801) * docs: fix tutorials index page. Fixes #13799 * graph panel: fix legend alignment * Explore: fix graph resize on window resize * changelog: adds note for #13691 * docs: fix tutorials index page. Fixes #13799 * Resource type filter (#13784) * Fix race condition on add/remove query row * moving things * typing changes * changelog: add notes about closing #13764 * pkg/tsdb/stackdriver/stackdriver.go: Fix regular expression does not contain any meta characters. * pkg/tsdb/graphite/graphite.go: Fix regular expression does not contain any meta characters. * pkg/login/ldap.go: Fix warning comparison to bscl constant * Added margin and correct border radius * Fix rebase, fix empty field still issuing query problem * Changelog: Adds curl to docker image in 5.3.2 * fix: another fix for #13764 , #13793 * Submit query when enabling result viewer * Get query hints per query transaction * docker: adds curl back into the docker image for utility. (#13794) * Explore: query transactions * connected to store, self remove logic * fix: kiosk url fix, fixes #13764 * changelog: add notes about closing #13633 * changelog: add notes about closing #13666 * fix: Text box variables with empty values should not be considered fa??? (#13791) * renaming things * graph legend: review fixes * add debug logging of folder/dashbord permission checks * sync mysql query editor template with postgres * add char as datatype for metric and group columns * build: indentation mistake. * build: fixes filename issues. * fix injecting dependencies to graph legend directive * changelog: adds note for #13669 * docs: update debian installation instructions * stackdriver: some tweaks to the text on the config page and in docs * stackdriver: refactoring request builder * stackdriver: remove not used struct * stackdriver: remove not needed scope * stackdriver: add provisioning example for gce authentication * stackdriver: add documentation for gce default account authentication * stackdriver: change name of authentication type * stackdriver: improve config page info box documentation * stackdriver: prevent backend query from being made when there are not yet any defined targets * stackdriver: fix failing tests * stackdriver: improve error handling * graph legend: fix legend when series are having the same alias * stackdriver: remove not used query file * stackdriver: remove test datasource query. use ensuredefaultproject instead * stackdriver: remove debug comments * stackdriver: improve error handling in the datasource * stackdriver: fix typo * stackdriver: add debug logging * stackdriver: fix broken braces * stackdriver: fix broken condition after rebase * stackdriver: use constant instead of variable * stackdriver: remove debug log * stackdriver: fix failing test * stackdriver: use gce variable * stackdriver: add variable for gce authentication type * stackdriver: get default project from backend. also ensure default project could be retrieved when authentication type is gce * stackdriver: only load default project from backend if it's not available on the target. this might happen when using gce authentication and provisioning * stackdriver: display error message if project name is not present in jwt file * stackdriver: only load project name if it's not already stored in the ds info json * stackdriver: add default value for authentication type * stackdriver: wip - remove debug code * stackdriver: improve ui for toggling authentication type * stackdriver: only get default token from metadata server when applying route * stackdriver: only get default token from metadata server when applying route * stackdriver: make backend query a pure test datasource function * stackdriver: add status code * stackdriver: wip - return metric descriptors in the format of tablew * stackdriver: wip - get metric descriptors in the backend * stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider * stackdriver: wip - add very basic checkbox for gce auto authentication * stackdriver: break out project name resolving into its own function in the stackdriver.go file * stackdriver: wip - temp remove jwt token auth * stackdriver: wip - always use gce default account for stackdriver * stackdriver: wip - add scope and remove debug code * stackdriver: WIP - test retrieving project id from gce metadata * skip jwt token auth if privateKey is empty * fetch token from GCE metadata server * Revert "for development" * for development * graph legend: fix quotes displaying * graph legend: minor refactor * Enterprise crosscompilation (#13783) * component working * graph legend: fix rendering after legend changes * graph legend: refactor, fix another review issues * fix: DataPanel isFirstLoad state fix * Fix click-based selection of typeahead suggestion * ux: remove duplicate placeholder attribute * initial work to add shortcut to toggle legend - generic * scripts/build/publish.go: Fix warning on err variable. * pkg/services/alerting/reader.go: Fix should use for range instead of for { select {} }. * pkg/middleware/middleware.go: Fix empty branch warning. * pkg/plugins/plugins.go: remove ineffective break statement. * fix order for mysql, remove postgres specific code * using react component * Explore: reuse table merge from table panel * graph legend: refactor, move behaviour logic into component * stackdriver: add default project to provisioning documentation * adjust meta data queries for mysql * fix references to postgres datatypes * graph legend: review fixes * changelog: add notes about closing #13667 * changelog: add notes about closing #13718 * fixed gofmt issue after go update * fix cannot receive dingding alert bug * fix: fixed variable srv tests * stackdriver: only add unit to resonse obj if it has a value * make interpolateVariable arrow function * fix: another set of fixes for refresh * fixed issue with template refresh * Fix tslint errors * stackdriver: fix failing tests * stackdriver: make sure unit is not returned to the panel if mapping from stackdriver unit to grafana unit can't be made * Fix variable highlighting * Fixed yarn.lock (previous merge took out integrity) * changelog: add notes about closing #13710 * wip: enterprise docs * allow unit override if cloudwatch response unit is none * Revert "don't overwrite unit if user set" * don't overwrite unit if user set * changelog: add notes about closing #13674 * fix LDAP Grafana admin logic * graph legend: remove unused code * graph legend: refactor * docs: cleanup of how to build for docker. * Review feedback, increased height * changelog: add notes about closing #12342 * update changelog * remove not used file * simplify code * Explore: fix render issues in split view * A list of where to make changes when upgrading Go and Node.js (#13693) * tests * Update PromQueryField tests to address fixed bug * Fix typeahead behaviour for QueryField * permissions: cleanup. * hooked up actions * Explore: Use react-table as table component * created view * docs: installing custom plugins in docker. * Document oauth_auto_login setting * changelog: add notes about closing #13692 * postgres: use arrow function declaration of interpolateVariable * Use closure for calling interpolateVariable * changelog: add notes about closing #12308 * Add socket support for mysql data source * changelog: adds note about closing #12330 and #6696 * remove addpermissions component * cloudwatch: return a distinct list of regions * docs: update cloudwatch iam policy description * removes d in disableResolvedMessage * removed snaps * alerting: tests default value for disable resolve message * re-add hard coded region list * update doc due to client layout change * clean up tests * fix gofmt, add test, correct noted concerns with default value * fix gofmt, add test, correct noted concerns with default value * changelog: add notes about closing #13629 * add encrypt connstr param conditionally on the value chosen via GUI. * graph legend: add color picker (react) * removing datasource permissions states from grafana * update latest.json to latest stable version * update changelog * build: Upgraded nodejs to 8 on appveyor * codestyle * rename UI Option, align with control, update tests * pausing for now * Remove unwanted char * Fix incorrect alt text on logo * return default region list from backend * don't merge hard coded region list * add error message * get regions from after datasource save * show all CloudWatch regions * get region list from ec2:DescribeRegions * fix concurrent map writes * update, don't remove 'Known Issues' docs section. * update provisioning docs. * fix new setting default value handling. * rename new JSON data attrbute. * changelog: add notes about closing #13464 * changelog: add notes about closing #13553 * update changelog * doc(documentation) license * doc(documenation) * add channel option to disable the resolved alert (OK Message) that is sent when condition returns to normal. * Can render graph * Add 'encrypt' setting to MSSQL data source. * rendering settings * build: makes sure publisher.sh is available when deploying. * Fix grammar in log message * changelog: add notes about closing #13641 #13650 * Escape typeahead values in query_part * Escape values in metric segment and sql part * changelog: add notes about closing #13628 * update .bra.toml for using latest bra version * progress on react time series infra * wip: began first steps for a react graph component * various fixes to to queries tab (in react mode) * react panels query processing * react panels: got data * working on react data / query exectution * changed DataPanel from HOC to use render props * fixing unit tests * Removed reference to plugin_api.md (SDK Readme) on the development page as the file that it points to no longer exists. This addresses an open issue on the grafana.org repo * Adding tests * Adding time clockms and clocks * pkg/cmd/grafana-server/main.go: remove os.Kill as it cannot be trapped * changed to plain errors further down the alerting validation model so error did not get double wrapping in ValidationError * alerting: propagate alert validation issues to the user instead of just 'invalid alert data' message * updated gitignore * fix for graph time formating for Last 24h ranges, fixes #13650 * pkg/services/sqlstore/user_auth_test.go: comment unused users slice * fixed a typo * fixed a typo * fix: label values regex for single letter labels * created component for http settings * removes debug log. * make sure to add all variable nodes to dag before linking variables * changelog: adds note for #13607 * updated jest to 23.10 * Adds backend hooks service so extensions can modify index data * fix route issue * removed unused setting variable * minor setting refactorings * renamed extension point in the frontend * updated circleci build-container version * minor change to cloudwatch code formatting * minor ux fix for new select * fmt * grafana/grafana#13340 complete oauth doc * changed property name to UserWasDeleted and added an assert for it * Update check for invalid percentile statistics * pkg/services/alerting/notifiers/telegram.go: check error before close. * pkg/tsdb/*: Fix do not pass a nil Context * devenv: fix influxdb block * docs: refer to v5.3 instead of v5.2 * removed unsused function * docs: stackdriver fixes after review * fix mutability bug, removed unused constructor * stackdriver: check if array is empty to prevent filter from crashing. This closes #13607 * Handle DescriptionPicker's initial state #13425 * stackdriver docs: metric query editor and annotations * Update snapshots after merge * Requests for ds via backend blocked for users without permissions. * Removes unused code. * Remove CTA when CTA-action is clicked instead of a /new route #13471 * Add fancy delete button for ApiKeys. * Add form to both the CTA page and the regular list. * Add onClick handler to CTA. * Updated tests for new protip. * Updated protip, not sure what to write there. * Update tests for ApiKeys CTA screen. * changelog: add notes about closing #13616 * Show CTA if there are no ApiKeys, otherwise show table. * Extract ApiKeyCount from state. * made it possible to have frontend code in symlinked folders that can add routes * Added Loading state on org pages * fix phantomjs render of graph panel when legend as table to the right * changelog: add notes about closing #13172 * add test for es alert when group by has no limit * poc: frontend extensions * added the UserWasRemoved flag to make api aware of what happened to return correct message to UI * Remove user form org now completely removes the user from the system if the user is orphaned * remove tab * bug fix * Update time_series_query.go * changelog: add notes about closing #11711 * add admin page to show enterprise license status * docs: add version notes * tests * Css fix for selected option * User without permission to a datasource won't see it. * Updated test snapshot #13425 * Initialize Explore datasource correctly * Refactors ds permissions to a filter. * Remove the fixed widths and make it possible to pass it in as a prop instead #13425 * User filtering now works properly at the backend #13425 * Removed old code #13425 * Rename css class "gf-form-select2" to "gf-form-select-box" #13425 * Use new class names #13425 * Fixes for the tag filtering in the search #13425 * Start implementing the upgraded react-select in the tag filter box #13425 * fix /api/org/users so that query and limit querystrings works * Bump grafana/build-container to 1.2.0 * Revert "Lock down node version to see if we get rid of the circleci build issue" * Revert "Try to remove circleci cache to see if that solves the build issue" * Try to remove circleci cache to see if that solves the build issue * Generate yarn.lock from older yarn * Revert "Add node version output for debugging" * Add node version output for debugging * Lock down node version to see if we get rid of the circleci build issue * Lock down webpack to 4.19.1 to avoid issue with webpack-cli (https://github.com/webpack/webpack/issues/8082) * Bump react-select to 2.1.0 #13425 * Updated lockfile to get rid of build error #13425 * Add frontend filtering of users in user picker #13425 * Replace $white with a color working in both themes #13425 * Replace System.import() with import() to get rid of warning * Clean up css for react-select v2 #13425 * Upgrade Datasources-picker on Explore page #13425 * Enable trailing on the debounce in the TeamPicker (same as in UserPicker) #13425 * Update typescript notifications #13425 * Update (js-) tests and snapshots for react-select 2 #13425 * Remove variables not used #13425 * wip: Remove code for old react-select component #13425 * wip: The pickers are stateful nowadays, no need to pass in the current value #13425 * wip: Upgrade react-select #13425 * set v5.3 as root docs * disable permissions * whatsnew: adds image for Stackdriver * fixing weird arrow in select * update latest.json to 5.3.0 * changelog: set date for 5.3.0 release * fixing permission rows * changelog: add notes about closing #13575 * enable permissions for data source * Use correct naming convention * Fix typo * Provide more information about what's included in the Stackdriver plugin * changelog: add notes about closing #13575 * cloudwatch: return early if execute query returns error * fix tab switching * add test for automatically unit set * fix crach bug * fix id validation * refactoring after review comments * changelog: adds note for #13559 * added setting top hide plugins in alpha state * wip: fixed issues now things are starting to work as before for angular panels * pausing permissions list * Block graph queries from being queued until annotation datasource promises resolve * Redone with DataSourcePermissions * remove datasource permission admin for now * reverted AddPermissions * Explore: highlight typed text in suggestions * Update provisioning.md (#13572) * stackdriver: update docs, showing how to escape private key and use yaml multiline strings * modified AddPermissions component * set unit for CloudWatch GetMetricStatistics result * Remove duplicate labels in the datasource query * render drag handle only in edit mode * ux: minor update to look of stackdriver query help * changelog: adds note for #13495 * add gopkg.in/square/go-jose.v2 to dependencies, update github.com/hashicorp/yamux * adding permissions component * reverted back and using angular for settings and dashboards * stackdriver: improve filter docs for wildcards and regular expressions * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: add tests from regex matching * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: test build filter string * stackdriver: test that no interpolation is done when there are no wildcards * stackdriver: remove debug logging * stackdriver: add more tests * stackdriver: fix broken substring. also adds tests * stackdriver: remove not necessary helper functions * stackdriver: interpolate stackdriver filter wildcards when asterix is used in filter * stackdriver metric name fix. Fixes #13562 * Fixed nav model * fix for influxdb annotation issue that caused text to be shown twice, fixes #13553 * wip: restoring old angular panel tabs / edit mode * ux: final fixes to new datasource page * Fix text overflow on playlist search #13464 * docs: fix minor typos * ux: more minor ds setting tweaks * ux: more minor ds setting tweaks * ux: tweaks to add datasource page and datasource settings page * Fixed typo in query editor placeholder text. * Explore: do not show default suggestions after expressions * Explore: trigger a query field render to fix highlighting * Explore: compact state URLs * fix gofmt tests output * removed duplicate route * Use size-me to resize explore Graph, added types * algorithm to find new name if it exists * ux: misc react migration fixes and info box style improvement * docs: new variable type text box that allows free text input * docs: annotations tag filter with template variable support * docs: whats new in 5.3 - a few tweaks * mysql: note about connection max lifetime and wait_timeout * Explore: reset typeahead on cursor move * Explore: resize graph on window resize * Fix rate function hint for series with nulls * Extract query hints * Prevent Explore from updating when typing query * Avoid new metrics options being passed selector, made PromField pure * Perf on query field and typeahead * Dont rebuild datasource options on each render * contributing.md * changelog: add notes about closing #13326 * react-2-angular: added generic angular directive loader util that can be used from react * search data source types * mini fix * css: minor fix to search * bump master version to 5.4.0-pre1 * provisioning: adds more logging about failed to deletion of provisioned dashboards * various fixes and improvements * changelog: set date for 5.3.0-beta3 release * build: fix for invalid pathing for release publisher * changlog: adds note about closing #13551 and #13507 * new grid layout add data source * test: updated react snapshot * ux: minor tweak to link * stackdriver: adds missing nginject attribute * docs: better wording and docs links. * Fix issue with updating role permissions #13507 * fixed toggle buttons * dataproxy should forward a trailing slash to proxy * add datasource proxy test to verify trailing slashes are forwarded * centered dashboard icon in search with flexbox * mssql: fix tests * build: automatically publish releases to grafana.com. * updated after pr feedback * pkg/tsdb/postgres/postgres_test.go: pass context.Background() instead of nil * pkg/tsdb/mysql/mysql_test.go: pass context.Background() instead of nil * pkg/tsdb/mssql/mssql_test.go: pass context.Background() instead of nil * adjust mssql tests * pkg/tsdb/elasticsearch/client/client_test.go: pass context.Background() instead of nil * added data source type type * pkg/services/alerting/notifiers/telegram_test.go: pass context.Background() instead of nil * remove generic macros from macros_test and add integration test for generic macros * Revert "Revert "Org users to react"" * Revert "Org users to react" * add postgres test for global macros * add test * stackdriver heatmap support * added slow queries scenario to test data source, added new panel test dashboard with slow queries * Fix "appropriate"-typo * Update configuration doc to include socket at server * move timeFrom, timeTo, unixEpochFrom and unixEpochTo macros to sql_engine * wip: began work on support for testdata tables & annotations support * docs: connection limits for sql datasources * ux: put connection limits under own section * fiddling with validation * changelog: adds note about closing #13492 * view and route * wip: made sqlstore dialect accessable from outside * better comment about state changes * get or create alert notification should use transaction * use notification state id instead of notifier id * merges defaultShouldNotify and ShouldNotify * move version conflict logging for mark as complete to sqlstore package * removed duplicate route * improve local variable name * avoid exporting notificationState and notificationStateSlice * avoid sending full notification state to pending/complete * deleting obsolete things * Make max open, max idle connections and connection max life time configurable * snap * fix after merge from master * rename GetNotificationStateQuery to GetOrCreateNotificationStateQuery * reminder: uses UpdatedAt to track state changes. * snaps * invitees * changed from RFC to PureComponent * devenv: add postgres ha test config example * wip: going in circles * typo in sample.ini * pkg/tsdb/cloudwatch/credentials.go: Remove unnecessary variable assignment * pkg/cmd/grafana-server/main.go: '_ = <-ch' simplified to '<-ch' * pkg/tsdb/stackdriver/stackdriver_test.go: return simplified * Fix megacheck issue unused code. * invites table * Update ldap.md * use alert state changes counter as secondary version * wip: data source permissions hooks * docs: stackdriver version notice. * tests * added default prop instead of specifying prop * filter users in selector based on search * Moved explore helpers to utils/explore * Explore: jump to explore from panels with mixed datasources * functions and tests * cleanup alert_notification_state when deleting alert rules and channels * don't notify if notification state pending * remove unused code * stackdriver: set default view parameter to FULL * stackdriver: no tags for annotations (yet) * stackdriver: add help section for annotations * devenv: enable some debug logging for ha test setup * alert -> ok with reminders enabled should send * stackdriver: revert an accidental commit for text template variable * Added test for url state in Explore * Make Explore a pure component * first crude display * stackdriver: remove metric.category alias pattern * stackdriver: remove commented code * stackdriver: unit test group by and aggregation dropdown changes * stackdriver: make it impossible to select no aggregation when a group by is selected * Explore: Store UI state in URL * stackdriver: add relevant error message for when a user tries to create a template variable * stackdriver: make sure labels are loaded when service is changed in dropdown * stackdriver: change info logging to debug logging * stackdriver: change pattern for annotation to metric.value * stackdriver: add support for bscl values * stackdriver: add support for int64 values * stackdriver: use correct default value for alignment period * stackdriver: fix reducer names * fix set sent_at on complete * snaps * noop services poc * implemented general actionbar * handle pending and completed state for alert notifications * stackdriver: fix froamt annotation text for value * stackdriver: make it possible to use point values of type string * No need to get alert notification state in ShouldNotify * using constant * added no datasources added * stackdriver: broadcasting through $scope doesnt work anymore since query_filter_ctrl is now a sibling directive to query_aggregation_ctrl, so broadcasting is now done using $rootScope * wip: test get alert notification state * wip: send and mark as complete * components, test, removed old not used files * wip: impl so that get alertstate also creates it if it does not exist * fix: preloader element issue * Adding AWS Isolated Regions * wip * stackdriver: pattern formatting for annotations * stackdriver: fix alignment period bug * stackdriver: set first metric as selected if no metric could be retrieved from the target * stackdriver: wip annotation support * Compile TS of the whole project to detect type errors * stackdriver: update tests * stackdriver: es6 style directive, avoid using scope * deletez * refactoring: slight changes to PR #13247 * revert rename * stackdriver: fix typescript error * stackdriver: remove not needed alignment option * using constant * stackdriver: extract out filter, metric type directive * stackdriver: add unit tests to resolve unit function * rename to pluginlistitem * fixing types * stackdriver: convert most common stackdriver units to grafana units if possible * sqlstore: add support for checking if error is constraint validation error * rewrote to use react.sfc * explore: fixes to dark theme, fixes #13349 * Remove angular code related to API Keys and point the route to the React component #13411 * Open modal with API key information after key is added #13411 * Add tests for the reducers & selectors for API keys #13411 * Update test-snapshot, remove dead code #13411 * Add tests for ApiKeysPage #13411 * Add "search box" and a "add new" box to the new API Keys page #13411 * Pick up the type from app/types * Pick up the type from app/types * Move User type out of UserPicker and into app/types * wip: Reactify the api keys page #13411 * add support for mysql and postgres unique index error codes * implement sql queries for transactional alert reminders * stackdriver: fix typescript errors * stackdriver: pass interval from panel to backend * stackdriver: remove debug logging * stackdriver: update docs so that they align with alignment period rules in stackdriver gui * stackdriver: update alignment period rules according to stackdriver * stackdriver: set target to be raw query * stackdriver: publish docs to v5.3 (not root) * initial rename refactoring * changelog: adds note about closing #12534 * devenv: grafana high availability (ha) test setup * stackdriver: use more appropriate test data * Add goconst to CircleCI * fix: also set dashboard refresh to false * simplified fix for 12030 * prevent refresh on fixed time window * using more variables * stackdriver: fix broken test * stackdriver: workaround for the fact the jest definitions does not include not * stackdriver: docs update * stackdriver: WIP - implement stackdriver style auto alignment period. also return the used alignment period and display it in the query editor * stackdriver: distinct grafana auto from stackdriver auto in alignment period * stackdriver: use correct name for variable * stackdriver: remove montly from alignment periods * Added constant * tests * stackdriver: add alignemnt period * stackdriver: make sure service and metric display name is used instead of value when loading a saved query editor * alerting: move all notification conditions to defaultShouldNotify * stackdriver: use correct event name * stackdriver: fix broken tests * stackdriver: update aggregation and alignment before refreshing when changing metric * stackdriver: use correct naming convention * stackdriver: get value type and metric kind from metric descriptor instead of from latest metric result * filter NULL values for column value suggestions * changed to first and last child * imguploader: Add support for ECS credential provider for S3 * stackdriver: adds on-change with debounce for alias by field * cli: fix init of bus * Remove .dropdown-menu-open on body click fixes #13409 * stackdriver: improve aggregation logic * stackdriver: fix failing test * stackdriver: wip: split metric dropdown into two parts - resource and metric * first test * stackdriver: remove console.log * filter plugins and layout mode * stackdriver: typescriptifying controller * render list * stackdriver: break out aggretation logic into its own directive and controller. also adds tests for new dropdown population logic * Remove option r from ln command since its not working everywhere * fix: updated tests * using variable * Fix spelling of your and you're * Changed setting to be an alerting setting * created test for graph disclaimer * Remove non-existing css prop * fix: Legend to the right, as table, should follow the width prop. Removing css conflicting with baron's width calculation. #13312 * stackdriver: populate alignment and aggregation dropdowns based on metric type and value type * docs: postgres gif. * limit number of time series show in explore graph * docs: whats new for 5.3 * rendering: Added concurrent rendering limits * stackdriver: fix test after parameter added to constructor * stackdriver: skeleton for more query types on the backend * stackdriver: better error handling for getLabels * stackdriver: move getLabels from query_ctrl to datasource * Run all sql data source queries for one panel concurrently * removed border, cleaned up css and fixed class naming * devenv: fix uid for bulk alert dashboards * Explore: moved code to app/features/explore * target gfdev-prometheus datasource * stackdriver: fix bug when multiple projects connected to service account * devenv: adds script for creating many dashboards with alerts * stackdriver: refactoring - extract out filtersegments component * stackdriver: alias patterns WIP * Fix goconst issues * When stacking graphs, always include the y-offset so that tooltips can render proper values for individual points * provisioning: changed provisioning default update interval from 3 to 10 seconds * Update render.js * Update render.js * Fix https://github.com/grafana/grafana/issues/13387 metric segment options displays after blur * docs: improve oauth generic azure ad instructions * invalidate access token cache after datasource is updated * Fix datbase > database * Fix changed want md5 hash * Revert Fahrenheit to Farenheit * Fix some typos found by codespell * Fix misspell issues * fix: use same User-Agent header as in other places in grafana when making external requests * docs: changed Json Web Token wording to be just JSON key file * added beta notice * created switch button for org users that can toggle between users and invites * pkg/tracing/tracing.go: replace deprecated cfg.New function * stackdriver: remove WIP tests * pkg/services/sqlstore/user.go: empty branch * pkg/tsdb/elasticsearch/response_parser.go: simplify redundant code * pkg/tsdb/elasticsearch/client/search_request.go: simplify loop with append. * Explore: remove closing brace with opening brace * Explore: show series title in tooltip of legend item * Explore: dont rate-hint on rate queries * Explore: Fix metric suggestions when first letters have been typed * Fix misspelled authentication in Auth overview doc * fix reader linux test * resolve symlink on each run * stackdriver: add templating support for metric, filter and group by * wip: panel options idea2 * stackdriver: use group by fields to create default alias * make sure we don't add the slash twice * Update render.js * devenv: fix docker blocks paths * Updated phantomjs render script to take full height screenshots * devenv: re-add missing docker-compose files * Explore: Fix label suggestions for recording rules * Explore: Fix click to filter for recording rule expressions * Don't use unnest in queries for redshift compatibility * pkg/tsdb/elasticsearch/client/client.go: use time.Since instead of time.Now().Sub * pkg/plugins/dashboards_updater.go: Simplify err check * pkg/services/sqlstore/alert_notification.go: Simplify err check * remove the test that does not do anything * add the trailing slash * stackdriver: add custom User-Agent header * stackdriver: remove hardcoding of test project name * updated * set maxworkers 2 for frontend tests * removes codedov refs * disable codecov * add a test * Fix setting test * stackdriver: improve query look * moves /tests to /pkg/plugins * stackdriver: add alignment period to query controller * stackdriver: making sure we dont pass too big alignmentPeriods to the stackdriver api * stackdriver: fix broken tests * stackdriver: adds default value for alignment period * stackdriver: use alignment period that is passed from frontend. if set to auto, use value provided from the panel. also added tests for alignment period * stackdriver: use alignment that is passed from frontend in the query * stackdriver: adds advanced options collapse to query editor with the possibility to select secondary aggregation and alignment * removes testdata from getting started * stackdriver: fix init labels bug * moves benchmark script to devenv * moves docker/ to devenv/docker * changelog: adds note about closing #9735 * docs: add version disclaimer for postgres query editor * moves files from /tests to more appropriate folders * docs: template variable support for annotations * Update getting_started.md * pkg/services/sqlstore: Fix sess.Id is deprecated: use ID instead. (megacheck) * pkg/services/sqlstore: Fix x.Sql is deprecated: use SQL instead. (megacheck) * fix: increased team picker limit to 50, closes #13294 * rename folder * Add documentation for PostgreSQL query builder * stackdriver: improve query editor to handle no data better * stackdriver: fixes in query editor * stackdriver: type rename * display team member labels * new column for team_member table * fix hipchat color code used "no data" notifications * stackdriver: makes sure filter dropdown doesnt crash if clicked before values are loaded * fixes strange gofmt formatting * stackdriver: adds null check to query * gdev: added test dashboard for polystat panel * Explore: Add multiline syntax highlighting to query field * stackdriver: add support for filtering to backend * Hotfix for Explore (empty page after running query) * stackdriver: add filters to query editor * ldap: made minor change to group search, and to docs * stackdriver: fixes remove option in filter * dsproxy: add mutex protection to the token caches * metrics: starts some counters at zero * tech: remove all mobx stuff * stackdriver: wip - filters for query editor * stackdriver: adds remove group by option * stackdriver: improve segments for group bys in query editor * stackdriver: load time series meta data for group by dropdown * stackdriver: make sure distinct labels are returned. also added test * stackdriver: fix failing test * stackdriver: test get metric types * stackdriver: wip - group bys * stackdriver: update logo * stackdriver: ux for config page, docs updated * upload: make the button text configurable * stackdriver: add simple readme * stackdriver: reverse points array to be in ascending order * stackdriver: adds support for primary aggregations * stackdriver: better error handling and show query metadata * stackdriver: tests for parsing api response * stackdriver: add first test for parsing frontend queries * Stackdriver: Fix weird assignment * Stackdriver: Use metric type from query controller state * Stackdriver: Set target correctly * Stackdriver: Break out parse response to its own func * Stackdriver: Use ds_auth_provider in stackdriver. This will make sure the token is renewed when it has exporired * Stackdriver: Restructured ds proxy tests * stackdriver: fix test * Stackdriver: Add new file * Stackdriver: Start breaking out apply route to its own file * Stackdriver: Parsed url params * Stackdriver: Parse datapoints correctly * Stackdriver: Add backed query using * Stackdriver: Prettify json * Stackdriver: Move data to target * Stackdriver: Load example metric and start parsing response * Stackdriver: Exposing stackdriver backend api * Stackdriver: Use new access token API * Stackdriver: Temporary exporting token lookup * Stackdriver: Loads project name and metrics descriptions into the query controller * Stackdriver: Corrected field title and removed debug logging * Stackdriver: Removed debug logging * Stackdriver: Improved feedback for when a JWT is already uploaded in the ds config page * docs: first draft for stackdriver datasource * dsproxy: implements support for plugin routes with jwt file * Stackdriver: Added test for getProjects * Stackdriver: Refactored api call to google resource manager * Stackdriver: Add scope for google resource manager * Stackdriver: Fixed error message from google resource manager * Removes comment * Adds skeleton for loading projects from google resource manager * Adds unit tests to test datasource * Implemented datasource test * Fixed broken if statement * Adds jwt token signing google auth * Improved user experience * Upload: Fixing link function in directive * Adds poc code for retrieving google auth accesstoken * Build new stackdriver frontend script * Add stackdriver backend skeleton * Adds stackdriver frontend skeleton * Use datasource cache for backend tsdb/query endpoint (#13266) * added underline to links in table * fix: add permission fixes * test: added simple dashboard reducer test * feat: dashboard permissions are working * Fix gauge display accuracy for "percent (0.0-1.0)" * use pluginName consistently when upgrading plugins * removes old unused examples (#13260) * fix: added loading screen error scenario (#13256) * changelog: add notes about closing #11555 * Interpolate $__interval in backend for alerting with sql datasources (#13156) * anonymous usage stats for authentication types * disabling internal metrics disables /metric endpoint * wip: dashboard permissions to redux * renames PartialMatch to MatchAny * fix: add folder permission fix * fix: fixed tslint issue introduced in recent prometheus PR merge * Folder pages to redux (#13235) * folder permissions in redux * minor fix * fix test * add annotation option to treat series value as timestamp * wip: first couple of things starting to work * fix: added reducer test * Adhoc-filtering for prometheus dashboards (#13212) * docs: include active directory ldap example and restructure * First pass at a text based template var, getting feedback from devs * fix: url update loop fix (#13243) * wip: working on reducer test * fix: gofmt issues * fix: added loading nav states * redux: moved folders to it's own features folder * fix theme parameter not working problem while prefer theme set to light (#13232) * fix: added type export to fix failing test * fix: fixed typescript test error * mobx -> redux: major progress on folder migration * another circleci fix * Another circleci fix * changed gometalinter to use github master * commented out metalinter as gopkg is having issues * wip: folder settings page to redux progress * Fix prometheus label filtering for comparison queries (#13213) * Upgrade react and enzyme (#13224) * enable partial tag matches for annotations * put folder name under dashboard name, tweaked aliginments in search results * support template variables with multiple values * Teams page replace mobx (#13219) * renames jest files to match new convention * upgrade of typescript and tslint and jest (#13223) * fix nil pointer dereference (#13221) * removes protoc from makefile * wip: folder to redux * changelog: note about closing #11681 * Adding Centrify configuration for Oauth * wip: progress on redux folder store * wip: moving option tabs into viz tab * fix: changing edit / view fullscreen modes now work * actions for group sync * initial render/refresh timing issues * team settings * wip: began folder to redux migration * test for team member selector * flattened team state, tests for TeamMembers * refactor: moved stuff into new features dir manage-dashboards * move: moved styleguide to admin * fix: fixed singlestat test broken due to file move * moved folders from features into the main feature folder they belong to * Add jsonnet with grafonnet-lib to provisioning docs * fix: Dashboard permissions now shows correctly, fixes #13201 * redux: do not use redux logger middleware in production builds * Allow oauth email attribute name to be configurable (#13006) * Document required order for time series queries (#13204) * refactor: changed AlertRuleItem pause action to callback * Fix query builder queries for interval start * team members, bug in fetching team * renaming things in admin * graph legend: use refactored version of scrollbar, #13175 * Teampages page * refactoring: custom scrollbars PR updated, #13175 * scrollbar: use enzyme for tests instead of react-test-renderer * changelog: add notes about closing #13121 * fix code formatting * Fix quoting to handle non-string values * scrollbar refactor: replace HOC by component with children * graph legend: scroll component refactor * scrollbar refactor: replace HOC by component with children * adds usage stats for alert notifiers (#13173) * changelog: typo * docs: what's new in v5.3 placeholder * tests for withScrollBar() wrapper * tests for withScrollBar() wrapper * changelog: restructure and add 5.3.0-beta1 header * changelog: add notes about closing #13157 * wrapper for react-custom-scrollbars component * graph legend: use 'react-custom-scrollbars' for legend scroll * wrapper for react-custom-scrollbars component * docs: sql datasources min time interval * changelog: note about closing #10424 * docs: minor fixes * docs: Updated auth docs * docs: updated * spelling errors * make default values for alerting configurable * Adding Action to view the graph by its public URL. * changelog: order changes by group (ocd) * changelog: add notes about closing #13030 * added radix rule and changed files to follow rule (#13153) * set search query action and tests * docs: default paths in the docker container. * delete team * added only-arrow-functions rule and changed files to follow new rule (#13154) * load teams and store in redux * build: uses 1.1.0 of the build container. * creating types, actions, reducer * Only authenticate logins when password is set (#13147) * refatoring: minor changes to PR #13149 * Add min time interval to mysql and mssql * build: updated build-container with go1.11. * added no-conditional-assignment rule and changed files to follow new rule * fix test failures for timeInterval * document postgres min time interval * Add min time interval to postgres datasource * Changed functions to arrow functions for only-arrow-functions rule. (#13131) * mobx: removed unused SearchStore * fix: Updated test * redux: minor changes to redux thunk actions and use of typings * Reactify sidebar (#13091) * Changed functions to arrow functions for only-arrow-functions rule. * removed unused mobx state * changed functions to arrowfunctions for only-arrow-functions rule (#13127) * fix: fixed home dashboard redirect issue when behind reverse proxy, fixes #12429 (#13135) * tests * Changed functions to arrow functions for only-arrow-functions rule. * improve remote image rendering (#13102) * handle new variables created not yet added * changelog: add notes about closing #10095 * graph legend: implement series toggling and sorting * docs: postgres provisioning * changelog: adds note about closing #13125 * fixed title prefix, fixes #13123 (#13128) * Reopen log files after receiving a SIGHUP signal (#13112) * Fixed a bug in the test and added test for filter alert rules * graph legend: react component refactor * added Bitcoin as a currency option * added new-parens rule (#13119) * cli: avoid rely on response.ContentLength (#13120) * some basic selector tests * fixed testcase * pausing alert * docs: v5.2 upgrade notice, ref #13084 * changelog: add notes about closing #7330 * extend from purecomponent * remove log * actions and reducers for search filter * added rule use-isnan and and updated file to follow new rule (#13117) * added no-namespace and no-reference rules (#13116) * added no-angle-bracket-type-assertion rule and updatet files to follow rule (#13115) * Updated rules for variable name (#13106) * update wording and punctuation (#13113) * redux: improved state handling * redux: progress * wip: load alert rules via redux * refactor: changed nav store to use nav index and selector instead of initNav action * moving things around * Fix array display from url * wip: solid progress on redux -> angular location bridge update * wip: moving things around * wip: moveing things around * wip: redux refactor * pass timerange in meta data queries * ignore information_schema tables * added jsdoc-format rule and fixed files that didn't follow new rule (#13107) * set member-access and no-var-keyword to true, removed public in two files (#13104) * fix: for text flickering in animation on chrome on windows * graph legend: minor refactor * use quoting functions from MysqlQuery in datasource * render query from query builder * graph: make table markup corresponding to standards * graph: legend as React component * wip: redux * redux: wip progress for using redux * fixed so preloader is removed when app is loaded * removed console.log * separated fade-ins for logo and text, tweaked delays and timing for fade-in animations * docs: minor updates, more work to do * ux: minor fixes to loading screen * start implementing mysql query editor as a copy of postgres query editor * reset metric column when changing table * fix timeFilter resetting when changing table * when changing table, refresh panel once after columns have been changed * added pro-tip text, removed pro-tip link * fixed styling for background and text, added intro animation, added fade in to text * fix timecolumn handling when table changes * set default for timeGroup in query builder to $__interval * when changing table reset columns * fix metric column suggestions * fix suggestions for metric column * Return correct path for OpenBSD in cli's returnOsDefault (#13089) * updated changelog * New TV Mode, dashboard toolbar update (layout change & new cycle view mode button) (#13025) * added this:any to functions and changed functions to arrowfunctions * feat: loading css async & inline svg * Explore: keep query when changing datasources (#13042) * changed var to let in 50 files (#13075) * changed var to let in last files (#13087) * tsconfig: started on setting noImplicitThis to true * tsconfig: format file * document postgres version and TimescaleDB option * tslint: added 1 more rule, #12918 * tslint: added 2 more rules and removed unused component, #12918 * tslint: added a new tslint rule * added rule prefer const to tslint (#13071) * dep ensure (#13074) * hide Query Builder button for table panels * check for correct quoting of multiple singlequotes * changed var to const 2 (#13068) * changed var to const (#13061) * update latest.json to latest stable version * docs: corrected docs description for setting * remove min time interval from datasource config * remove unneeded queryOptions * changelog: add notes about 4.6.4 and 5.2.3 releases * fix quoting * strip quotes when auto adding alias * handle quoting properly for table suggestion * link to github instead * recheck timecolumn when changing table * update filter macro on time column change * string formating fixes * go fmt fixes * Moved tooltip icon from input to label #12945 (#13059) * added empty cta to playlist page + hid playlist table when empty (#12841) * changed from rotating to bouncing, maybe to much squash and stretch * Update provisioning.md * make default mode for table panels raw editor * improve description for timescaledb option * Review feedback. * use series matchers to get label name/value * changelog: add notes about closing #12865 * fixed so validation of empty fields works again * added a loading view with a spining grafana logo * fix handling of variable interpolation for IN expresions * tslint: tslint to const fixes part3 (#13036) * tslint: more const fixes (#13035) * tslint: changing vars -> const (#13034) * tslint: autofix of let -> const (#13033) * fix: minor fix to changing type * upgrades to golang 1.11 * wip: angular panels now have similar edit mode and panel type selection enabling quick changing between panel react and angular panel types * add min interval to postgres datasource * wip: major change for refresh and render events flow * fix: going from fullscreen fix * wip: minor fixes * copy and docs update for alert notification reminders * change/add tests for alerting notification reminders * wip: trying to align react & angular edit modes * WIP Update tslint (#12922) * changelog: add notes about closing #12952 #12965 * build: fixes rpm build when using defaults. * docs: reminder notifications update * changelog: add notes about closing #12486 * docs: changes * created a section under administration for authentication, moved ldap guide here, created pages for auth-proxy, oauth, anonymous auth, ldap sync with grafana ee, and overview, moved authentication guides from configuration to, added linksin configuration page to guides * fixed so animation starts as soon as one pushes the button and animation stops if login failed * added link to getting started to all, changed wording * tests: fix missing tests (with .jest suffix) * docs: alerting notification reminders * update copy/ux for configuring alerting notification reminders * heatmap: fix tooltip bug in firefox * fix tableSegment and timeColumnSegment after table suggestion * Update notifications.md * sql: added code migration type * changelog: add notes about closing #11890 * Explore: Apply tab completion suggestion on Enter (#12904) * Show min-width option only for horizontal repeat (#12981) * Fix bulk-dashboards path (#12978) * add suggestions for reminder frequency and change copy * don't write to notification journal when testing notifier/rule * remove unnecessary conversion (metalinter) * fix after merge with master * Refresh query variable when another variable is used in regex field (#12961) * Webpack tapable plugin deprecation (#12960) * unify quoting * dsproxy: interpolate route url * prefill editor with first metric table * only allow 1 filter macro in where clause * fix timeColumnType assignment * make suggested filter macro depend on type * use unixEpochGroup macro for unix timestamp * alerting: inline docs for the slack channel. * Replacing variable interpolation in "All value" value * changelog: add notes about closing #12229 * cleaning up test data * changelog: add notes about closing #12892 * docs: es versions supported * devenv: update sql dashboards * when value in variable changes, identify which variable(s) to update * removed inverse btn styling and added bgColor to generic oauth and grafana.com login buttons, added styling so log in button uses dark theme inverse btn styling both for dark and light theme * suggest operators depending on datatype * Doc - fix title level * Update doc about repeating panels * Doc - fix broken link * build: beta versions no longer tagged as latest. * docs: cleanup. * docs: docker and restarts. * update persisted parts on param change * persist datatype information * Don't do value suggestions for numeric and timestamp * created a class for loading buttons, added a button for when login slow on login page * rename postgres_query.jest.ts to .test.ts * fix variable escaping * autodetect timescaledb when version >= 9.6 * build: duplicate docker run-script removed. * detect postgres version for saved datasources * Set User-Agent header in all proxied datasource requests * use pointer cursor for buttons in query editor * docs: cloudwatch dimensions reference link. * require postgres 9.4+ for ordered set aggregate functions * add postgres version to datasource config * only show first/last aggregate when timescaledb is enabled * keep jsonData in PostgresDatasource * docs: remove message property in response from get alerts http api * changelog: add notes about closing #5623 * build: cleanup * should allow one default datasource per organisation using provisioning * build: fixes rpm verification. * docs: add grafana version note for gitlab oauth * docs: gitlab: add note about more restrictive API scope * social: gitlab_oauth: set user ID in case email changes * docs: document GitLab authentication backend * social: add GitLab authentication backend * build: verifies the rpm packages signatures. * changelog: add notes about closing #12224 * added guide for logging in to grafana for the first and how to add a datasource * docs: update * feat: add auto fit panels to shortcut modal, closes #12768 * changelog: add notes about closing #12680 * docs: update postgres provisioning * Remove dependencies * Rename test files * changelog: add notes about closing #12598 * add version disclaimer for TimescaleDB * document TimescaleDB datasource option * Use variable in newPostgresMacroEngine * Remove Karma scripts and docs * changelog: add notes about closing #10705 * fix: ds_proxy test not initiating header * Don't pass datasource to newPostgresMacroEngine * Remove tests and logs * Fix for Graphite function parameter quoting (#12907) * don't render hidden columns in table panel (#12911) * fix: added missing ini default keys, fixes #12800 (#12912) * refactor timescaledb handling in MacroEngine * change: Set User-Agent to Grafana/%Version% Proxied-DS-Request %DS-Type% in all proxied ds requests * Remove comment * Cleanup * All tests passing * Class to function. Half tests passing * Karma to Jest: graph (refactor) (#12860) * tech: removed js related stuff now that 99% is typescript (#12905) * Add React container * changelog: add notes about closing #12805 * fix redirect to panel when using an outdated dashboard slug (#12901) * Add commit to external stylesheet url (#12902) * build: increase frontend tests timeout without no output * fix: Alerting rendering timeout was 30 seconds, same as alert rule eval timeout, this should be much lower so the rendering timeout does not timeout the rule context, fixes #12151 (#12903) * changelog: add notes about closing #12476 * now hides team header when no teams + fix for list hidden when only one team * Rename to HeatmapRenderer * Mock things * Explore: Fix label filtering for rate queries * add $__unixEpochGroup to mssql datasource * add $__unixEpochGroup to mysql datasource * Add $__unixEpochGroup macro to postgres datasource * changed const members to filteredMembers to trigger get filtered members, changed input value to team.search (#12885) * get timecolumn datatype on timecolumn change * changelog: add notes about closing #12882 * Removes link to deprecated docker image build * Add mocks * fix datatype query * Changelog update * docker: makes it possible to set a specific plugin url. * Add support for $__range_s (#12883) * Refactor setting fillmode * Update dashboard.md * Fix typo * Explore: label selector for logging * Replace element * Rewrite heatmap to class * Explore: still show rate hint if query is complex * Explore: Filter out existing labels in label suggestions * Add note for #12843 * Fix initial state in split explore * replaced with EmptyListCta * Begin conversion * changed messaging * mention time_bucket in timescaledb tooltip * keep legend scroll position when series are toggled (#12845) * replaced confirm delete modal with deleteButton component in teams members list * [wip]added empty list cta to team list, if statement toggles view for when the list is empty or not * Update NOTICE.md * Fix padding for metrics chooser in explore * fix rebase error * revert passing ctrl to testDatasource * change timescaledb to checkbox instead of select * add timescaledb option to postgres datasource * build: fixes png rendering in the docker based docker-image build. * remove duplicated /tmp entry in .dockerignore * move run script, update README * produce an image compatible with grafana-docker * More efficient builds and some fixes to the Go binaries * Simple Docker-based build option * Add example OR search_filter to docs * Explore: expand recording rules for queries * Explore: Query hints for prometheus (#12833) * Convert URL-like text to links in plugins readme * skip target _self to remove full page reload * use uid when linking to dashboards internally in a dashboard * add previous fill mode to query builder * added more info about the teams * removed mock-teams, now gets teams from backend * changelog: add notes about closing #12756 * add api route for retrieving teams of signed in user * devenv: update sql dashboards * team list for profile page + mock teams * changelog: add notes about closing #11270 * Fixing bug in url query reader and added test cases * fix missing * * rename last fillmode to previous * change fillmode from last to previous * return proper payload from api when updating datasource * Review feedback * changelog: update #12768 * Remove window * Fix url param errors * Explore: Metrics chooser for prometheus * Add clear row button * Add clear button to Explore * Explore: show message if queries did not return data * Fix closing parens completion for prometheus queries in Explore (#12810) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * switched to lowercase * replaced escape() call, renamed formatter to be more expressive * Smaller docker image (#12824) * build: failing to push to docker hub fails the build. * Reversed history direction for explore * Explore: Add history to query fields * unix socket docs * Explore: facetting for label completion (#12786) * docs: how to build a docker image. * Remove Karma test * All tests passing * Add mock constructor * Begin conversion * Convert query control * Convert datasource * refactor: take submenu into account PR #12796 * refactor: renaming variables, refactoring PR #12796 * refactor: moving code around a bit, refactoring PR #12796 * Remove weird import * Disable submenu when autopanels is enabled * Extract to own method * Use and add keybard shortcut * Add temporary url parameter * Replace floor with round * Go with just single margin compensation * Add margin and padding compensation * Remove weird import * Fit panels to screen height * dont break default parameters for functions * fix suggestion query * renamed slate unit tests to .jest.ts * Remove simple tests * Support client certificates for LDAP servers * Begin conversion * Add click on explore table cell to add filter to query (#12729) * dont order for aggregate * build: makes it easier to build a local docker container. * add moving average to query builder * adjust frontend test * use $__timeGroupAlias macro * specify grafana version for last fill mode * add fillmode "last" to sql datasource * build: disables external docker build for master and release. * build: complete docker build for master and releases. * build: removes unused args to docker build. * build: imported latest changes from grafana-docker. * build: attach built resources. * build: builds docker image from local grafna tgz. * build: new workflow for PR:s and branches. * docker: inital copy of the grafana-docker files. * changelog: add notes about closing #1823 #12801 * Add auto_assign_org_id to defaults.ini * changelog: add notes about closing #12749 * changelog: add notes about closing #12766 * adjust test dashboards * remove info logging * added two new classes for color, fixed so link has value color * changelog: add notes about closing #12063 * Add new Redshift metrics and dimensions for Cloudwatch datasource * changelog: add notes about closing #12752 * changelog: update * Improve iOS and Windows 10 experience (#12769) * add series override option to hide tooltip (#12378) * changelog: add notes about closing #12785 * removed table-panel-link class * removed table-panel-link class and add a class white to modify table-panel-cell-link class * add warning when switching from raw sql mode * add more prominent button for switching edit mode * document $__timeGroupAlias * add $__timeGroupAlias to mysql and mssql * fix custom variable quoting in sql* query interpolations * add compatibility code to handle pre 5.3 usage * Change to arrow functions * Add all tests to one file * changelog: add notes about closing #12561 * Remove angularMocks * All tests passing * replaced style with class for links * Add $__timeGroupAlias to postgres macros * adjust test dashboards * remove alias from postgres $__timeGroup macro * changelog: add notes about closing #12762 * fix: team email tooltip was not showing * fix: test data api route used old name for test data datasource, fixes #12773 * removed a blank space in div * fixed color for links in colored cells by adding a new variable that sets color: white when cell or row has background-color * changelog: add notes about closing #12300 * Weird execution order for the tests... * fixed test result * added urlescape formatting option * changelog: add notes about closing #12744 * changelog: add notes about closing #12727 * add aws_dx to cloudwatch datasource * also fixed "Watt per square metre" * fixed that missing one * add version note to metric prefix and fix typo * devenv: update sql dashboards * mssql: update tests * fix usage of metric column types so that you don't need to specify metric alias * Begin conversion * changelog: update * changelog: add notes about closing #12747 * Add missing tls_skip_verify_insecure (#12748) * rename special to windows * add first and last support * refactor function handling in query builder * refactor column function handling * consistent nameing fro group and select * mssql: add logo * add tests for metric column prefix to mssql * add metric column prefix test for mysql * document metric column prefix in query editor * document metric column prefix for mysql and mssql * Remove extra mock * Karm to Jest * correct volume unit * Remove lo * Test passing. Remove Karma * adjust metric prefix code to sql engine refactor * add testcase for metric column as prefix * Use metric column as prefix * Fix emit errors * Fix test * Add async/await * refactor schema query generation * removed unused class from the deletebutton pr * frontend part with mock-team-list * Update test for local time * update devenv datasources and dashboards for sql datasources * Begin conversion * use const for rowlimit in sql engine * Cleanup * Remove Karma file * All tests passing * All except one passing * remove tableschema from query builder ui * changelog: add notes about closing #12731 * elasticsearch: support reversed index patterns * update devenv datasources and dashboards for sql datasources * mssql: use new sql engine * mysql: use new sql engine * postgres: use new sql engine * refactor sql engine to make it hold all common code for sql datasources * Pass more tests * Refactor Explore query field (#12643) * Begin conversion * All tests passing. Remove Karma test. * Almost all tests passing * Add tslib to TS compiler * docs: using interval and range variables in prometheus * Two passing tests * Update Configuration.md * Start conversion * changelog: add notes about closing #12533 * changelog: add notes about closing #12668 * changelog: update * changelog: add notes about closing #12668 * fix for typeahead background, increased lighten * added position absolute and some flexbox so I could remov changes in display and setTimeout, added tests and types, did some renaming * fix invalid reference * minor fixes * fix failing test due to time diff issues * Remove comments * remove unneeded comment * Remove old influx stuff * changelog: add notes about closing #12489 * changelog: add notes about closing #12551 * changelog: add notes about closing #12533 * Karma to Jest * Begin conversion * changelog: add notes about closing #12589 * changelog: add notes about closing #12636 #9827 * Remove influx qeury_ctrl jest, as it is already completed * Test fail depending on test order * Karma to Jest: begin influx query_ctrl * Make beautiful * Karma to Jest: completer * Remove comments and Karm test * Karma to Jest * Pass more tests * changelog: add notes about closing #12644 * fix code style * docs: mentation that config changes requires restart. * return 400 if user input error * changing callback fn into arrow functions for correct usage of this (#12673) * Fix requested changes * Add templating docs for * Add docs about global variables in query template variables * Figuring out why it doesn't initialize * Add support for interval in query variable * Add jest file * Change to arrow functions * Add graph_ctrl jest * changelog: add notes about closing #12691 * Update kbn.ts * Add jest test file * Id validation of CloudWatch GetMetricData * Fix timezone issues in test * fix window function query without group by * changelog: adds note for #11487 * add order by to metadata queries * set explicit order for rate and increase * escaping ssl mode on postgres param * fix pre gui queries shortcircuit * Add unit test for InfluxDB datasource * Support timeFilter in templating for InfluxDB * Datasource for Grafana logging platform * removed blue-dark variable with blue-light in light-theme, blue variable now has same value as blue-dark had before, should fix issue with any low contrast issues with blue in light-theme, this made query-blue variable unnecessery removed it, added variable for variable dropdown highlight background * removed import appEvents * built a component for delete button in tables, instead of using a modal to confirm it now does it in the row of the table, created a sass file for the component, the component uses css transitions for animation * fix: postgres/mysql engine cache was not being used, fixes #12636 (#12642) * added: replaces added to grafana * fix: datasource search was not working properly * add groupby when adding first aggregate * docs: minor docs fix * Fix label suggestions in Explore query field * pluginloader: expose flot gauge plugin * alert: add missing test after refactor * Handle query string in storage public_url (#9351) (#12555) * HTTP API documentation +fix when updating a playlist (#12612) * Explore: calculate query interval based on available width * Use url params for explore state * Dont parse empty explore state from url * Fix default browser th font-weight * Adding eval_data to alerts query results * ldap: Make it possible to define Grafana admins via ldap setup, closes #2469 * nginx: update to docker block * minor fix for legacy panels * Remove string casting for template variables in prometheus * ldap: docker block readme update * Make prometheus value formatting more robust * Update README.md * Devenv testdata dashboards (#12615) * fix test for query generation * dont run queries if target has no table set * add query to find metric table * add popover for metric column * rename PostgresQueryBuilder to PostgresMetaQuery * dont expand variables in rawSql * filter datatype for groupby suggestions * fix rate special function when using group by * remove unused import * refactor adding sqlPart * remove render code from sql_part * fix bug in query generation with metricColumn * refactor PostgresQuery * refactor PostgresQueryCtrl * refactor PostgresQueryCtrl and PostgresQuery * refactor addGroupBy and removeGroupByPart * use let for variable declaration * Add templateSrv to PostgresQuery tests * add tests for query generation * Reverted $q to Promise migration in datasource_srv * Allow settting of default org id to auto-assign to (#12401) * Remove unused SASS variables (#12603) * fix: panel embedd scrolbar fix, fixes #12589 (#12595) * fix tests for postgres datasource * Set datasource in deep links to Explore * send timerange with metricFindQuery * Explore Datasource selector * changed you to your (#12590) * indent generated SQL * Add comments * Fix freezing browser when loading plugin * handle counter overflow and resets in rate * partition by metricColumn when using increase * add rate and increase special functions * wip: another baby step, another million to go * skip backend request if extended statistics is invalid. (#12495) * Refactor team pages to react & design change (#12574) * (prometheus) prevent error to use $__interval_ms in query (#12533) * fix: folder picker did not notify parent that the initial folder had been changed, fixes #12543 (#12554) * Add support for skipping variable value in URL, fixes #12174 (#12541) * Update mac.md * Update windows.md * Update rpm.md * Update debian.md * Don't build-all for PRs * Refactor value column SQL generation * Refactor metric column sql generation * fix: requests/sec instead of requets (#12557) * Add folder name to dashboard title (#12545) * Fix css loading in plugins (#12573) * Refactor group by query generation * Refactor where clause generation * refactor SQL generation for value columns * Refactor time column sql generation * Refactor render function on PostgresQuery * prepare sql part for special functions * set query gui as default handle old panels gracefully * Added BurstBalance metric to list of AWS RDS metrics. * dont throw exception for unknown types * Prevent scroll on focus for iframe * add alias when adding group by * Add new sequential color scales * add aggregates when adding group by * add column alias when add aggregate function * move go vet out of scripts and fixing warning (#12552) * fix enter in sql_part_editor * fix editing expression parts * wip: you can now change panel type in edit mode * rename inputBlur to switchToLink * react panels: working on changing type * Cleanup and remove some jest.fn() * fix spelling * add current value to dropdown if its not in resultset * Revert "show current value in dropdown when its not part of list" * Remove irrelevant tests and templateSrv stub * show current value in dropdown when its not part of list * redid redux poc, old branch was to old and caused to many conflicts * wip: redux poc * fix diff and percent_diff (#12515) * improve error message * generate unique id when variable is multi * support GetMetricData * dep ensure * update aws-sdk-go * Update lodash/moment version (#12532) * fix: minor css change * wip: minopr progress on react panel edit infra * Tabs to spaces in tslint (#12529) * wip: minor progres on react panels edit mode * add None to metric column suggestions * handle pre query gui queries gracefully * dont break on panels that dont have rawQuery set * refactor transformToSegments * devenv: updated devenv provision scripts * wip: viz editor started * ux: minor fix/tweak to inactive view mode, think logo should be visible & fixes dashboard title alignment * changelog: add notes about closing #12379 * Fix datasource sorting with template variables * another baby step * changelog: add notes about closing #12484 * changelog: add notes about closing #12506 * rename quoteLiteral to quoteIdentAsLiteral * changelog: add notes about closing #12506 * fix links not updating after changing variables * remove unused function removeSelect * put updateParam back in * fix where clause generation * remove hardcoded $__timeFilter, make macros functional in where clause * remove dead code, make label more flexible * fix constraint removal * react-panels: minor progress on data flow * dont autoquote, suggest quoted values if requried * prometheus heatmap: fix unhandled error when some points are missing * fix caret for help button is ds http settings * do not autoquote identifiers * fix group by ui * changelog: add notes about closing #11618 #11619 * fix where constraint handling * remove dead code from sql_part fix where clause query generation * Add mock to test files * Create new instance in beforeEach * Remove comments * Karma to Jest: Cloudwatch datasource * Karma to Jest: MySQL datasource * Karma to Jest: postgres datasource * Basic cleanup * Add mocks in test file * Remove q and stub * Add Jest stubs * Remove async * Remove logs and comments * Start elastic ds test conversion * run enterprise build only on master for now * refix the settings indentation * update stats admin doc * fix json indentation * include where constraints in query generation * remove unnecessary conversions * rearrange elements of query builder * mv query_part to sql_part * changelog: update * changelog: add notes about closing #11818 * changelog: add notes about closing #12460 * changelog: add notes about closing #8186 * changelog: add notes about closing #12379 * changelog: add notes about closing #12362 * devenv: open ldap docker block now prepopulating data with correct member groups * ci: Only publish grafana enterprise packages tagged with enterprise. * Make table sorting stable when null values exist (#12362) * Fix bar width issue in aligned prometheus queries (#12483) * correct example (#12481) * ldap: improved ldap test env with more structured users and groups * test: fixed usage of wrap in tests. * ci: typo * ci: publishes grafana enterprise to s3. * refactoring: making api wrap public * refactoring: enterprise build/hooks refactorings (#12478) * Karma to Jest: datasource_srv (#12456) * fix: #12461 introduced issues with route registration ordering, adding plugin static routes before plugins package had been initiated (#12474) * omit extra template refresh (#12454) * wip: minor progress on DataPanel * Improve extensions build. (#12461) * [mysql] fix $__timeGroup rounding (#12469) * [mssql] fix $__timeGroup rounding (#12470) * [postgres] fix timeGroup macro rounding (#12468) * pkg/social/github: Allow changing of userinfo data (#12471) * notifications: dont return error if one notifer failed * use sqlPart for ui parts * avoid calling os.Exit outside main.go (#12459) * update mysql/mssql query/annotation help sections * docs: update folders api * Changed documentation for MSSQL and MySQL to reflect macro changes * docs: update scripted dashboard for v5 * docs: update scripted dashboard for v5 * docs: update organisation http api * docs: upd windows installation * notifications: send notifications synchronous * notifications: read without tran, write with tran * registry: adds more comments * registry: adds comments to interfaces * changelog: update * changelog: update * changelog: add notes about closing #12438 * alerting: only log when screenshot been uploaded * fixes typos * Reverted yarn.lock to master * Used PostgreSQL TSDB as a model the set up the __timeFilter, __timeFrom, and __timeTo macros for Microsoft SQL and MySQL * changelog: add notes about closing #12444 * Revert "auth proxy: use real ip when validating white listed ip's" * changelog: adds note for #11892 * changelog: add notes about closing #12430 * fix footer css issue * Karma to Jest: 3 test files (#12414) * fix: log close/flush was done too early, before server shutdown log message was called, fixes #12438 * react panels wip * Karma to Jest: value_select_dropdown (#12435) * support passing api token in Basic auth password (#12416) * Add disabled styles for checked checkbox (#12422) * changelog: add notes about closing #11920 * changelog: add notes about closing #11920 * changelog: update * docs: upd what's new in v5.2 * docs: update index with link to what's new in 5.2 instead of 5.0 * wip: react panels editor mode, tabs working * changelog: add notes about closing #12385 * react panels wip * feat: panels v2, metrics-tab loading * docs: upd what's new in v5.2 * docs: upd what's new in v5.2 * login: fix layout issues * build: yarn should be included out of the box on circle ci * notifier: handle known error first * ensure that if the dasboardID is negative, it will not bypass the checking of the right (#12398) * changelog: add notes about closing #11968 * Webpack 4 (WIP) (#12098) * Make pre/postfix coloring checkboxes inactive when gauge is active * removes unused return object * handle "dn" ldap attribute more gracefully (#12385) * Update ROADMAP.md * Fix typo * Switched MySQL and MSSQL macros for timeFilter and related to use BETWEEN and calculate UNIX time server side instead of database side. Fixes #11618 #11619 * docs: update installation instructions * routing: raise panic if duplicate routes are added * routing: allows routes to be added to existing groups * changelog: add notes about closing #11868 * enhance error message if phantomjs executable is not found * fix: annnotation api & sql issue * changelog: add notes about closing #12248 * set correct text in drop down when variable is present in url using key/values * Light improve of massive delete annotation api (#12390) * Fix 12248 * Fixing wrong /public path, relative to the webpack.dev script, that would avoid webpack from cleaning previous builds. (#12351) * changelog: add notes about closing #12383 * changelog: adds note about closing #12313 * Return a 404 when deleting a datasource through the API if it doesn't exist and add a test for it to confirm #12313 * Set $rootScope in DatasourceSrv * Add options to colorize prefix and postfix in singlestat * devenv: adds dashboard with multiple rows * changelog: adds note about closing #10971 * Pass configured/auth headers to a Datasource. * Karma to Jest: history_ctrl. .gitingore: .vs/ * changelog: add notes about closing #12359 * build: fix signing of multiple rpm packages * docs: what's new in v5.2 and docker installation updates * tech: adds comments about route register code * changelog: add notes about closing issue * Karma to Jest: history_ctrl. Update version: ts-jest * changelog: add notes about 5.2.0-beta2 * changelog: add notes about closing #12240 * changelog: add notes about closing #12256 * changelog: add notes about closing #11792 * changelog: add notes about closing #12315 * dashboard: fix drop down links * wip: react panels, query editor loading from react PanelEditor view * fix regressions after save modal changes of not storing time and variables per default * wip: react panel minor progrss * updated * Karma to Jest: history_srv (#12341) * react panels minor progress * make sure to process panels in collapsed rows when exporting dashboard * changelog: add notes about closing #3132 * docs: update installation instructions * react panel minor progress * ldap: add note about config in Grafana * ldap: add note to dockerfile * changelog: add notes about closing #12343 * docs: Plugin review guidelines and datasource auth pages * remove unused argument in default scenario of guardian test * fix: fixed permission issue with api key with viewer role in dashboards with default permissions * wip: react panel makeover mini progress * Karma to Jest: time_srv (#12303) * Karma to Jest: team_details_ctrl (#12321) * Fix error in InfluxDB query * expose functions to use sessions * changelog: adds note about closing #11607 * test commit for checking github permissions * changelog: add notes about closing #12278 * changelog: add notes about closing #11076 * snapshot: copy correct props when creating a snapshot * added comment to reason the id tag * set current org when adding/removing user to org * changelog: add notes about closing #10707 * Include the vendor directory when copying source in to Docker (#12305) * changelog: adds note about closing #12199 * adds tests for journaling sql operations * use epoch to compare timestamp * adds inTransactionCtx that calls inTransactionWithRetryCtx * merge create user handlers * transactions: start sessions and transactions at the same place * adds info about eval/reminder interval * tests for defaultShouldNotify * cloudwatch: handle invalid time range * notifications: make journaling ctx aware * make sure to use real ip when validating white listed ip's * Adding Cloudwatch AWS/AppSync metrics and dimensions * notifications: gather actions in one transaction * changelog: adds note about closing #12286 * sql: adds tests for InTransaction * bus: noop should still execute fn * removes unused code * bus: Dispatch now passes empty ctx if handler require it * bus: dont start transaction when creating session * bus: dont mix ctx/classic handlers * bus: DispatchCtx can now invoke any handler * refactoring: renamed AddCtxHandler to AddHandlerCtx PR #12203 * refactoring: transaction manager PR #12203 * fixes typo in code * check if admin exists or create one in one transaction * replace begin/end with wrapper function * bus: support multiple dispatch in one transaction * docs: adds info about grafana-dev container * changelog: add notes about closing #12282 * Added Litre/min and milliLitre/min in Flow (#12282) * remove papaparse dependency * list name is deleteDatasources, not delete_datasources * remove internal influx ifql datasource * Document the endpoint for deleting an org * tests: rewrite into table tests * influxdb: adds mode func to backend * Fix queryfield wrapper css * Fix Queryfield metrics field missing * batch DOM reads from query field typeahead * hint support for typeahead * Make suggestions an object * Trigger typeahead on Ctrl-Space * refactor Explore query field * changelog: add notes about closing #11484 * changelog: add notes about closing #11233 * Remove import * Fix PR feedback * Removed papaparse from external plugin exports * Karma to Jest: query_builder * dsproxy: move http client variable back * Karma to Jest: threshold_mapper * Expose react and slate to external plugins * Karma to Jest: threshold_manager * Karma to Jest: query_def, index_pattern * Remove import * Karma to Jest: elastic_response * changelog: notes about closing #12189 * #11607 corrected file cleanup test * #11607 removed unnecessary conversion (from gometalinter) * Improve test readability * #11607 fixed formatting * #11607 Cleanup time of temporary files is now configurable * moved link icon in panel header * Karma to Jest: playlist_edit_ctrl * Karma to Jest: exporter * Update graphite.md * changelog: add notes about closing #10796 * added id tag to Panels for html bsckmarking on longer Dashboards * dashboard import to folder: minor fixes * Docs: output location from build script * Correct Provisioning documentation link * dsproxy: allow multiple access tokens per datasource * Mock core in jest-setup * Docs: Update Build from Source * Convert tests from Karma to Jest * changelog: add notes about closing #11963 * save-modal save button (#12047) * Karma to Jest: graph-tooltip * removed QueryOptionsCtrl references * update latest.json to 5.1.3 * use ng-if * hot-fix ifql testdatasource() * triggers grafana-docker master build * changed som variables to values so it's the same for dark and light theme, added special styling for login text, link and input (#12196) * mattn/go-sqlite3 v1.6.0 to v1.7.0 * changelog: add notes about closing #11074 * fixed so panel title doesn't wrap and (#12142) * graph: fix legend decimals precision calculation * Use Passive eventListener for 'wheel' (#12106) * removes more unused code * removes unused code * nicer collapsed row behaviour (#12186) * remove DashboardRowCtrl (#12187) * add panel on enter * autoFocus the search filter * adds missing return statement * Fix typo: eleasticsearch -> elasticsearch (#12184) * Annotations support for ifql datasource * dashboard: improve import UX for non-editor users * Template variable support for ifql datasource * Use cut to trim down the SHA1. * show import menu in sidenav, dashboard search and manage dashboards page * Fix metrics panel test by adding config mock * Respect explore settings in config ini * Add .html to webpack.hot resolve extensions * Version the tarball uploaded to s3 and tell the next step about it. * dashboard: import into current folder from manage folder page * dashboard: add Import button to manage page * dashboard: import to folder * Query helpers for IFQL datasource * alerting: fixes broken table rename * docs: docker secrets available in v5.2.0 * Remove round-robin urls in ifql DS * IFQL range variable expansion * alerting: renames journal table to alert_notification_journal * alerting: move queries from evalcontext to notifier base * alerting: invert sendOnce to sendReminder * changelog: add notes about closing #11657 * alerting: remove zero units from duration * alerting: only check frequency when not send once * always show server admin link in sidenav if grafana admin * update google auth config docs * changelog: add notes about closing #11525 * fix: fixed problem with expanding access mode help in ds settings * dep: use master branch for plugin model * alerting: fixes invalid error handling * fixed so default is all and general only show dashboards * changelog: add notes about closing #11882 * added s to folderId in params * renamed variable in tests * added comment, variableChange -> variableValueChange * added a test * added if to check if new variable has been added * Gravatar fallback does not respect 'AppSubUrl'-setting (#12149) * change admin password after first login * changelog: adds note about closing #11958 * revert: reverted singlestat panel position change PR #12004 * Revert "provisioning: turn relative symlinked path into absolut paths" * provisioning: turn relative symlinked path into absolut paths * changelog: adds note about closing #11670 * elasticsearch: sort bucket keys to fix issue wth response parser tests * docs: what's new in v5.2 * made folder text smaller * Implement code review changes * Bug fix for repeated alerting even on OK state and add notification_journal cleanup when alert resolves * Fix tests * Fix multiple bugs * Revert changes post code review and move them to notification page * Feature for repeated alerting in grafana * InfluxDB IFQL datasource * changelog: add notes about closing #11167 * docs: docker secrets support. (#12141) * alerting: show alerts for user with Viewer role * datasource: added option no-direct-access to ds-http-settings diretive, closes #12138 * provisioning: adds fallback if evalsymlink/abs fails * tests: uses different paths depending on os * renames intervalSeconds to updateIntervalSeconds * changelog: add notes about closing #5893 * removed italic * changelog: add notes about closing #11500, #8168, #6541 * Alert panel filters (#11712) * docs: update alerting docs with alerting support for elasticsearch * added span with folder title that is shown for recently and starred, created a new class for folder title * provisioning: makes the interval for polling for changes configurable * provisioning: only update dashboard if hash of json changed * remove dead code * elasticsearch: minor refactor * changelog: update * changelog: add notes about closing #10748, #8805 * save modal ux improvements (#11822) * changelog: add notes about closing #11515 * provisioning: only provision if json file is newer then db * Guard /explore by editor role on the backend * make path absolute before following symlink * provisioning: follow symlinked folders * test: fixes broken test on windows * changelog: add notes about closing #11771 * changelog: add notes about closing #11971 * Fix singlestat threshold tooltip (#12109) * build: only runs db related tests on db. * build: integration testing postegres on ci. * build: mysql integration testing on ci. * Fix karma tests that rely on MetricsPanelCtrl * changelog: Second epochs are now correctly converted to ms. * Fix panel menu test * Restrict Explore UI to Editor and Admin roles * Fix CSS to hide grid controls in fullscreen/low-activity views * changelog: add notes about closing #11645 * Support InfluxDB count distinct aggregation (#11658) * provisioning: enable relative path's * changelog: note about closing #11858 * devenv: improve readme * provisioning: place testfiles within testdata folder * changelog: add notes about closing #11494 * Add new regions to handleGetRegions function (#12082) * PR: minor change to PR #12004 before merge * fix: refactoring PR #11996 and fixing issue #11551 16706hashkey in json editors * devenv: script for setting up default datasources * tech: updated react-grid-layout to latest official release, closes #12100 * Fix cache busting for systemjs imports for plugins * devenv: scripts for generating many unique dashboards * docker: new block for elasticsearch6 * changelog: add notes about closing #12087 * sql: seconds epochs are now correctly converted to ms. * add validation of uid when importing dashboards * fix: add track by name in annotation list to avoid $$hashKey in json * changelog: adds note about closing #9703 * go fmt fixes * configure proxy environments for Transport property * Show create dashboard link if at least editor in one folder * graphite: avoid dtracing headers in direct mode * Fix sourcemaps for webpack hot config * return better error message when err is ErrSmtpNotEnabled * elasticsearch: handle if alert query contains template variable * changelog: adds note about closing #9847 * Sparklines should scale to the data range (#12010) * Split webpack dev config into dev and hot * Upgrade webpack loaders (#12081) * pin versions of xorm to resolve sql tests * build: fixes broken path for bra run * use sql builder for the get system stats sql query * fix directly specified variable rendering * remove unused function renderAdhocFilters * send param in callback for get-param-options * Fix #9847 Add a generic signout_redirect_url to enable oauth logout * make separator configurable * fix error message * Changed Prometheus interval-alignment to cover whole panel range * alerting: refactor tests * add usage stats for datasource access mode * Review feedback (heading, typos) * add additional usage stats metrics * add tests for sending usage stats * Integrated dark theme for explore UI * elasticsearch: adds some more/better debug logging to client * changelog: fix broken link to contributor * changelog: adds note about closing #11788 * The old code for centering removed * Backend image rendering as plugin (#11966) * Fix typo in README.md * build: updates publisher to support arm archs for deb and rpm. * Explore split view * Fixed custom dates for react timepicker * Explore: Design integration * Explore: time selector * Fix dashboard snapshot deletion (#12025) * fix names of foreign arch packages * elasticsearch: handle NaN values * elasticsearch: metric and pipeline agg setting json encoding fix * elasticsearch: query interval override fix * elasticsearch: default interval fix * Document table row merge for multiple queries * elasticsearch: pipeline aggregation fix for json encoding * build: always build for all platforms. * fix: remove deadcode to make gometalinter happy * elasticsearch: refactor query handling and use new es simple client * elasticsearch: new simple client for communicating with elasticsearch * elasticsearch: refactor and cleanup * build: removes deploy from nightly while testing it. * update provisioning.md * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * build: clean up the workflow filters. * Revert "Conditionally select a field to return in ResponseParser for InfluxDB" * Revert "Fix ResponseParser for InfluxDB to return only string values" * Revert "move queryTimeout option to common setting" * move queryTimeout option to common setting * add query timeout option for Prometheus * build: crosscompilation for nightlies and releases. * set style for registered query components * make param wrapper configurable * fix metric column when using group by * separate label in template from type * use sql part component * use sql part component * add sql_part component * Singlestat value: vertical alignment fix * Added Swiss franc currency * quote column name in buildValueQuery * return values quotes for suggestions in where expression * test: moves test files to testdata folder * build: downloads and bundles phantomjs for darwin and windows. * build: publisher updated to support more architectures and OSs. * build: saves artifacts with the build * build: crossplatform build with packages. * build: script for tagging and pushing a release * codespell: fixes * fix: fixed some minor startup logging issues * Sqlstore refactor (#11908) * Adds constant description for units * test: increase expire time to avoid tz issues in tests * explore: fixes #11953 * migrated files to ts, removed unused functions from lodash_extended * docs: installation pages for 5.1.3 * changelog: add note for #11830 * legend: fixes Firefox/baron scroll bug * wrote classes * migrated jquery.flot.events to ts * use canMakeEditable * allow to add annotation for non editable dashboard * scroll: temporary fix for double scrollbar issue * backend plugins: log an error if parsing meta field failed * backend plugins: expose meta field * fixes following first code review * add useful note to alerting api docs * improve alerting api docs sample responses * Prometheus step alignment: shift interval only on jitter * Use babel and hot loader only in yarn start * docs: removes notes about beeing introduced in 5.0 * lock caniuse-db version to resolve phantomjs rendering issue * Update dashboard_permissions.md * move database-specific code into dialects (#11884) * refactor: tracing service refactoring (#11907) * fix typo in getLdapAttrN (#11898) * docs: update installation instructions targeting v5.1.2 stable * changelog: add notes about closing #11862, #11656 * Fix dependencies on Node v10 * Update dashboard.md * changelog: add notes about closing #10338 * Phantom render.js is incorrectly retrieving number of active panels (#11100) * singlestat: render time of last point based on dashboard timezone (#11425) * Fix for #10078: symbol "&" is not escaped (#10137) * Add alpha color channel support for graph bars (#10956) * interpolate 'field' again in Elasticsearch terms queries (#10026) * Templating : return __empty__ value when all value return nothing to prevent elasticsearch syntaxe error (#9701) * http_server: All files in public/build have now a huge max-age (#11536) * fix: ldap unit test * only error log when err is not nil * rename alerting engine to service * case-insensitive LDAP group comparison (#9926) * changelog: add notes about closing #11813 * docs: updated changelog * fix XSS vulnerabilities in dashboard links (#11813) * PR: ux changes to #11528 * renames alerting engine to match other services * allow analytics.js to be cached, enable anonymizeIP setting (#11656) * Revert "Add baron scrollbar to a node managed by gafana (#11850)" * decrease length of auth_id column in user_auth table * fixed svg background (#11848) * Add baron scrollbar to a node managed by gafana (#11850) * Fix CSS asset loading for yarn start (HMR) (#11855) * fix: fixed gometalinter issues with Discord PR * docs: update installation instructions targeting v5.1.1 stable * fix root_url in docs & comments (#11819) * changelog: 5.1.1 update * fix: loading of css url (images/fonts) * Support for local Docker builds * Update ROADMAP.md * support additional fields in authproxy (#11661) * better handling for special chars in db config (#11662) * Fix/improved csv output (#11740) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * Remove preceding `/` from public JS path (#11804) * Add panel scrolling docs (#11826) * escape pipe symbol same way as in templating docs * changelog: add notes about closing #11616 * added left:unset to counter left:0 in recent react-select release * fixed text color in light theme * changelog: add notes about closing #11800 * test if default variable interpolation is effective when no specific format is specified * changelog: notes about closing #11690 * changelog: add notes for ##11754, #11758, #11710 * scroll: remove firefox scrollbars * Add missing items to Gopkg.lock * pipe escape try #3 * use ascii code for pipe symbol to not mess up markdown table * try to fix table * dont shadow format passed in as function parameter * fix: removed manully added http server from inject graph as it is now a self registered service * fix: removed unused channel * fix: comment spell fix * fix: fixed race condition between http.Server ListenAndServe & Shutdown, now service crash during startup correctly closes http server every time * refactoring: lots of refactoring around server shutdown flows, making sure process is terminated when background service has crashed * refactor: provisioning service refactoring * Metrics package now follows new service interface & registration (#11787) * Revert "Opportunities to unindent code (unindent)" * scroll: fix scrolling on mobile Chrome (#11710) * changelog: add notes about closing #11625 * remove jest it.only to not skip important tests * fixed so all buttons are styled not just small ones, fixes #11616 * --amend * fix: improved handling of http server shutdown * add test for prometheus table column title * Fix url encoding, expand template vars, fix TS hacks * Explore: Add entry to panel menu to jump to Explore * changelog: notes about closing #11498 * Initial Baby Step to refactoring settings from global vars to instance (#11777) * table: fix for padding * graph histogram: fix invisible highest value bucket * dashboard: show save as button if can edit and has edit permission to folders * new property for current user indicating if edit permissions in folders * increase length of auth_id column in user_auth table * fix dropdown typeahead issue * Use opportunities to unindent code (unindent) * Outdent code after if block that ends with return (golint) * Remove redundancy in variable declarations (golint) * fix: minor fix to plugin service shut down flow * appveyor: uppercase the C drive in go path * docs: further documents changes to the docker image. (#11763) * disable ent build to avoid slowing down build speed * Explore: add support for multiple queries * Fixed settings default and explore path * Refactoring PluginManager to be a self registering service (#11755) * fix: removed log calls used while troubleshooting * refactor: refactoring notification service to use new service registry hooks * Enable Grafana extensions at build time. (#11752) * revert renaming of unit key ppm * fix to match table column name and order * Import and typescript fixups * Settings to enable Explore UI * tech: removes unused code * Explore WIP * add deadcode linter to circleci * pkg: fix deadcode issues * build.go: fix deadcode issues * docs: update current version to 5.1 * docs: update installation instructions targeting v5.1.0 stable * changelog: update for v5.1.0 * fix so that google analytics script are cached * prometheus: convert metric find query tests to jest * prometheus: fix variable query to fallback correctly to series query * removed height 100% from panel-container to fix ie11 panel edit mode * replaced border hack carot with fontawesome carot fixes #11677 * dev: Mac compatible prometheus block. (#11718) * mssql: fix value columns conversion to float when using timeseries query * postgres: fix value columns conversion to float when using timeseries query * mysql: fix value columns conversion to float when using timeseries query * sql datasource: extract common logic for converting value column to float * added pointer to show more, reset values on new query * docs: add known issues section for mssql documentation * force GET for metadataRequests, w/ test * Renamed helperRequest and removed positional args * Move function calls w/ side-effects to componentDidMount * changed test name and dashboardMock code * fixed test * add ineffassign to circleci gometalinter check * pkg/components: fix ineffassign issues * pkg/cmd: fix ineffassign issues * pkg/log: fix ineffassign issues * pkg/services: fix ineffassign issues * removed import config * fixed so user who can edit dashboard can edit row, fixes #11466 * Fixes signing of packages. * db: fix failing user auth tests for postgres * changed rps to reqps * bump version * added button to show more preview values for variables, button runs a function that increases options limit, fixes #11508 * Added requests/sec(throughput) * use inherited property from api when rendering permissions * return inherited property for permissions * pkg/tsdb: fix ineffassign isues * fix circleci gometalinter test * Sort results from GetDashboardTags * Add silent option to backend requests * docs: escape asterisk in Graphite docs * docs: disable quoting option for MSSQL * docs: fix example for graphite tag query * docs: spelling * docs: add missing backtick for mysql/postgres * docs: fixes for table in variable docs * build: fixes release deploy * changelog: adds releaste date for 5.1.0-beta1 * graphite: convert ds test to jest * build: removes gometalinter * cli: adds os and arch headers * slightly better example * adjust timeFilter, timeFrom and timeTo macro examples * docs: what's new improvements * docs: what's new improvements * docs: what's new * docs: fix typos * docs: what's new * docs: whats new * docs: more info prometheus heapmap to whats new * docs: improve what's new in v5.1 * docs: what's new in v5.1 draft * Add weback-dev-server with hot/hmr support * build: only lint the pkg folder * changelog: adds note about closing #11476 * dev: only build server with bra run * add gometalinter to circleci * comment unused struct fields * remove unused variables detected by varcheck * fix typo * docs: describes variable formatting options * docs: graphite template variables for tag queries * docs: describes new variable formatting syntax * changelog: notes about closing #10427 * move jest test file to specs * make add panel panel scrollbar adjust when panel/dashboard grid are resized * style: code simplifications * build: introduce -dev flag optimal for building in development mode * changed copied message and added forced render for width change * removed padding and moved carrot * changelog: adds note about closing #11613 and #11602 * cleanup, make sure users are always synced with ldap * Specify expected encoding for access/secret key * make sure user's default org is kept up to date * fix: sign in link should have target self to trigger full page reload, fixes #11626 * codespell: exclude by words instead of files * remove old comment * org role sync tests * refactor authproxy & ldap integration, address comments * pass DN in ldap test * tests for user auth module * fix ldap test * restructure GetUserByAuthInfo * error handling * use Result in GetAuthInfoQuery * switch to passing ReqContext as a property * cleanup * switch to Result * update auth proxy * fixes * fix tests * shared library for managing external user accounts * fix: Label font weight should be semi bold, fixes #11629 * docs: typos * graphite: adds tests for tags and tag_values functions * docs: update provisioning documentation * changelog: notes about closing #10883 * changelog: adds note for #11553 * dev: only build server with bra run * changelog: adds note for #11173 * added forceupdate to grid item so addpanel items rezie instantly, renamed function to copyPanel, fixed panel items height issue * revert changes of add panel button to require save permission * changelog: fix typo * changelog: notes about closing #11572 * Fix issues with metric reporting (#11518) * changelog: notes about closing #10747 * fix: Row state is now ignored when looking for dashboard changes (#11608) * disable codecov comments * add some more sort order asserts for permissions store tests * Revert "build: remove code cov" * Revert "removes codecov from frontend tests" * docs: update postgres macro functions documentation * tsdb: update query and annotation editor help texts for postgres * changelog: notes about closing #11578 * calculate datetime for timeFrom and timeTo macro in go * set default for sslmode to verify-full in postgres datasource editor (#11615) * add some more sort order asserts for permissions store tests * Use sort.Strings() (gosimple) * Remove unused return value assignment (gosimple) * Remove unnecessary fmt.Sprintf() calls (gosimple) * Merge variable declaration with assignment (gosimple) * Use fmt.Errorf() (gosimple) * Simplify make() (gosimple) * Use raw strings to avoid double escapes (gosimple) * Simplify if expression (gosimple) * Simplify comparison to bscl constant (gosimple) * Simplify error returns (gosimple) * Remove redundant break statements (gosimple) * fix unconvert issues * variable: fix binding bug after ts conversion * add GetFromAsTimeUTC and GetToAsTimeUTC and use them in timeFilter macro * fix merge conflict * remove changes to module.ts from this branch * migrated dropdown-typeahead to ts (#11499) * changelog: adds note for #11556 * changelog: adds note for #11133 * dashboard: better size and alignment of settings icons * bra should use the proper build script * moved version in help menu to top * docs: elasticsearch and influxdb docs for group by time interval option (#11609) * changelog: improved docker image * docs: new docker image in Grafana 5.1.0. * added fix for test * addeds test for sort order * Show Grafana version and build in Help menu * changlelog: notes about closing issues/pr's * sqlds: fix text in comments for tests * add codespell to circleci * removes codecov from front-end tests * wip: writing tests for permission sorting * changelog: adds note about closing #11228 * remove postgresversion and convert unix timestamp in go * Support deleting empty playlist * Grafana-CLI: mention the plugins directory is not writable on failure * make timefilter macro aware of pg version * add postgresVersion to postgres settings * changelog: adds note for #11530 * Documentation spelling fix * docs: fix codespell issues * public: fix codespell issues * conf: fix codespell issues * blocks: fix codespell issues * CHANGELOG.md: fix codespell issues * scripts: fix codespell issues * pkg: fix codespell issues * provisioned dashboard validation should be made when importing a dashboard * provisioned dashboard validation should not be made from provisioning service * remove comment/unused variable * docs: improves provisoning example for postgres * docs: add mssql provisioning example * docs: improves provisoning example for each datasource * ordered user orgs alphabeticaly fixes #11556 * permissions sorting fixed + icon same size as avatrs * docs: update mssql with azure sql database support * changelog: adds note for #11569 * docs: update default annotation limit when querying api * Mention the ?inactive parameter in the docs * Add another URL param ??inactive?? which works like ??kiosk?? but with title * tsdb: remove unnecessary type casts in sql data sources macro engines * tsdb: sql data sources should handle time ranges before epoch start correctly * change annotation limit from 10 to 100 * remove mistakenly added styles * fix right side legend rendering in phantomjs * scrollbar: fix so no overflow for legend under graph * build: remove code cov * scrollbar: fixes continuation scrolling for iOS * added styling to fontawesome icons so they have same size as the other icons * Improve wording * Add minimal IAM policy example for CloudWatch data source * PR comments * docs: fix typo of default port for mssql * minor scrollbar fixes * scrollbar: remove unused div * dashboard: show baron scrollbar in dashboard panel when mouse is over * fix so that page scrollbars can be scrolled by keyboard on page load * fix so that dash list panel are rendered correctly * panel: add baron scroller to correct element * Windows build updated to go1.10. * scrollbar: use native scroll for page * converted functions to arrow functions * folders: fix permissions in folder picker component * permission: fix user with org viewer save/move permissions * alerting: handle invalid json format * docker: change mysql container so that it uses utc * mysql: use a datetime column with microsecond precision in test * tsdb: improved floating point support when converting sql time column to epoch (ms) * added @ngInject * provisioning: dont override permissions * provisioning: simplify db query * mssql: fix precision for time columns in time series query mode * postgres: support running multiple postgres integration tests * postgres: fix precision for time columns in time series query mode * mysql: fix precision for time columns in time series query mode * mysql: mysql tests should use a db server with UTC * provisioning: fixes broken tests * tsdb: add support for more data types when converting sql time column to epoch (ms) * provisioning: check provisiong before saveCmd * provisioning: fixes typo * provisioning: adds error handling * added @ngInject * playlist: add missing nginject attribute * Update annotations.md to contain correct annotations api path * removed console.log * docs: update after #11531 * docs: improves provisoning example text * fix test * convert graphite epoch to ms * skip mssql fix * add mssql and mysql * don't convert to uint64 * scrollbar: fix phantomjs rendering error * prevent angular from evaluating {{hostname}} in tooltip (#11514) * using millis for annotations too * data source: rename direct/proxy access mode in data source settings * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * docs: fixes typo * docs: updated debian distro in install docs to stretch, closes #11527 * Revert files * Fix after merge * Make dashboard JSON editable * guardian: when updating permissions should verify existing permissions * api: allow authenticated users to search current org users and teams * css: quick fix after IE11 changes * scrollbar: fix add panel height bug * scrollbar: styles cleanup * migrating to ts * fixed sidemenu icon issue created by earlier pr * added icons for viewer and editor, fixed add permission team avatar * singlestat: Fix optimization in setTableColumnToSensibleDefault * influxdb: Check before assuming first column to be 'time' * provisioning: fix tests for save provisioned dashboard modal * provisioning: ux fixes when saving provisioned dashboards * graphite: use a query when testing data source * migrated metric_segment to ts * scrollbar: fix search scroller in mobile view * scrollbar: fix graph legend height * changelog: adds note for #11165 * migrated dash_class to ts * migrated segment_srv to ts * removed indent for manage dashboards * scrollbar: fix potential memory leaks in event handlers * skip migration if it is a big number * Use curly brackets around hyperlink help text #11478 (#11479) * scrollbar: fix dashboard width updating for different modes * scrollbar: remove perfect-scrollbar and add baron to package list * scrollbar: fix dashboard width bug * scrollbar: fix 'legendScrollbar.destroy is not a function' error * Alerting: Fixing mobile notifications in Microsoft Teams * created closeDropdown function, renamed appevent, added second appevent for open timepicker * permissions: return user and team avatar in folder permissions api * permission: generate team avatar url with default * migrated playlist-routes to ts * migrated last all.js to ts * scrollbar: fix Firefox scroll position restore * Notes for closing #7119 * changelog: adds note for #11128 * variables: adds test for variable sorting * Add case-insensitive sort for variables. * graphite: fixes #11434 * settings: fixes test * changed from margin to padding * fixes for avatar on adding permission and size for gicon * scrollbar: fix side menu on mobile devices * changed variable for tabbed close btn hover, and changed text-strong variable for lighttheme, removed commented out variable * mssql: typos in help sections * docs: spelling * added if to onAppevent, renamed appevent, add appevent to applyCustom and setRelativeFilter * Webpack Grafana plugin template project to links (#11457) * scrollbar: fix Firefox issue (white stripe on the right of scrollbar) * scrollbar: fix legend rendering issues * Initially move to baron scrollbar * rm panel.type constrain from threshold_mapper.ts (#11448) * No need for node_modules/bin in npm run-script (#11449) * changelog: adds note about closing #11555 * add article * fix some typos * docker: add users and groups to ldap block * timepicker now closes without exiting edit/view mode, close order: modal, timepicker, view * migrated graph_tooltip to ts * started migration to ts * Fix #10555 #6888 Better escape for Prometheus variables * bounnd the esc key to exit timepicker * print to stderr since logger might not exist * settings: return error instead of ignoring it * docs: adds provisioning examples for all datasources * Fixed typo in upgrading.md * docs: rpm install page - update to centos 7 * docs: install pages for v5.0.4 * removed padding for icons and added margin * changelog: another update for v5.0.4 * changelog: update for v5.0.4 * changelog: adds note about closing issues * fixed graphpanel editmode and custom width for right side legend for IE11 * alerting: bad default state for notifiers * Clarified formatting multiple values doc * Add Google Hangouts Chat notifier. * dashboard: allow alerts to be saved for new/provisioned dashboards * add response_parser test * add fallback for gravatar in org/admin view * tech: migrates to none deprecated mail lib * docs: not about email notifications and local img store * alert: fixes broken link back to grafana * docs: update table plugin documentation with value/range to text mapping * cleanup and add more test * table panel: additional fixes for value to text mapping * add value to text mapping * provisioning: better description for provisioned save modal * dashboards: reject updates of provisioned dashboards * notes about closing #9210 * fixed alignment in search + fixed issue ie popup * changelog: adds note about closing #11102 * sidemenu fix for internet explorer 11, changed icon width/height to pixels and added height to logo * docs: prometheus ds, remove "new in v4.3" note * remove categories from queryPart * fix a terms bug and add test * remove unused import * handle aggregate functions more generic * Add new currency - Czech koruna * docs: update heatmap and prometheus docs, #10009 * provisioning: improve UX when saving provisioned dashboards * styled login page for ie11 * - pipeline aggs support - add some test * support non-nested menu entries * provisioning: removes id from dashboard.json * Handle Interval Date Format similar to the JS variant https://github.com/grafana/grafana/pull/10343/commits/7e14e272fa37df5b4d412 c16845d1e525711f726 * Use net.SplitHostPort to support IPv6 * add missing word to graphite docs * set right series name * Missed the 'p d' hint in the popup-menu * Add hints for the 'pd' Duplicate Panel command from PR #11264 * remove README changes * finished CODING PHASE 1 * wip * notes about closing #11306 * cleanup * changelog: unix socket permissions * Adjust permissions of unix socket * docs: fix typos * docs: update postgres, mysql and mssql documentation * docs: update graph panel documentation * docs: tweaks * changelog: adds note about closing #5855 * remove dashboardId check... i can't figure out how the tests work * get circle to run tests again * add dashboardId to test * remove api tests * fix operator * remove constraint from sqlstore * move dashboard error to API (not sql) * legend: small refactoring * changelog: adds note about closing #11278 * docs: spelling * docs: add intro paragraph to provisioning page * Cleanup CircleCI V2 Conversion * Make golint happier * dooh * update the updated column! * using circle as my tester * using circle as my tester * adding tests, but they arent running locally * changelog: notes for #1271 and #2740 * graph: minor fixes to y-axes alignment feature * added save icon to save buttons * removed trash can icon from save buttons * mysql: skip tests by default * Return actual user ID in UserProfileDTO * convert epoch to milliseconds * adding updated column * mssql: update query editor help * mysql: fix precision for the time column in table/annotation query mode * postgres: fix precision for the time column in table/annotation query mode * mssql: fix precision for the time column in table/annotation query mode * mssql: remove UTC conversion in macro functions * mssql: fix timeGroup macro so that it properly creates correct groups * small screen legend right also work like legend under in render + set scrollbar to undefined in destroyScrollbar so it doesnt become disabled when toggeling between right and under * dashboard version cleanup: more tests and refactor * Make golint happier * fixed so legend right works like legend under on small screens * adding created column * Alerting: move getNewState to EvalContext * minor refactor of dashboard version cleanup * refactor: dashboard version cleanup * limit number of rows deleted by dashboard version cleanup * fix dashboard version cleanup on large datasets * docs: add variable regex examples (#11327) * graphite: adds more traces for alerting * sql datasource: extract common logic for converting time column to epoch time in ms * docs: details about provisioning elastic * update email default year and name * dataproxy: adds dashboardid and panelid as tags * Alerting: Add retry mechanism and its unitests * docs: spelling * snapshot: fix legend rendering bug * session: update defaults for ConnMaxLifetime * snapshots: removes errors for empty values in ViewStore * Allocated to a separate alignment block. Replaced the attribute of the second axis by the attribute of the axes. * Expose option to disable snippets * changed var to const, changed to string interpolation * mssql: adds test for time should be ms in table mode * Remove unused kibana images * changed var to const * changelog: adds note about closing #11114 & #11086 * mssql: convert tests to jest * mssql: fix precision for time column in table mode * converted file to ts * changelog: notes about #10093 and #11298 * dashboard: fix phantomjs panel rendering in collapsed row * Fixed unit test. * Changed the way this feature was activated. And changed tolltip. * Added validation of input parameters. * converted file to ts * docs: update using mssql in grafana * fix: only run gofmt on pkg directory omitting vendor directory * fix: dep ensure. now without gofmt on ventor directory * mssql: add integration test to verify stored procedure usage * mssql: encrypt password in database * mssql: remove dynamic construction of metric column and other columns * docker: pin microsoft/mssql-server-linux to 2017-CU4 tag * docs: improve guide for high availability * fix: only run gofmt on pkg directory omitting vendor directory * test * mssql: cleanup and minor refactor * mssql: allow host without port and fallback to default port 1433 * docker: update test dashboard for mssql tests * mssql: cleanup and minor changes * Missed thanks in changelog * Adds pagerduty api update to changelog. * mssql: update readme * mssql: update test dashboard * docs: Using Microsoft SQL Server in Grafana * mssql: remove logos for now * docs: mssql documentation will go into another branch targeting next minor version * Updated roadmap for 5.1 * Minor format changes * Changed Swedish and Icelandic currency * fix failed tests for dashboard view state * dashboard: fix rendering link to panel in collapsed row * docs: update install docs for 5.0.3 * changelog: 5.0.3 * mssql: add alternative logo without text * mssql: strip inkscape from logo * mssql: minor improvements of query editor help * mssql: skip rendering of mssql logos until we have a valid logo * docker: add test dashboard for mssql tests based on test data generated by integration test * mssql: additional integration tests * mssql: support money, smallmoney and decimal data types * mssql: update plugin.json, added description and name MSSQL -> Microsft SQL Server * added indent to dashboards inside folder in search dropdown, and added indent to dashboard icon in search item * session: fork Macaron mysql session middleware * database: expose SetConnMaxLifetime as config setting * database: fixes after xorm update * database: update xorm to v0.6.4 and xorm core to v0.5.7 * prometheus editor: variable autocomplete support (PR #9988) * made a keyboard shortcut to duplicate panel * docs: update mssql documentation * mssql: disable mssql integration tests per default * mssql: timeGroup fill support added. * mssql: add timeGroup integration test * alertmanager: /Creating/Sending/ * mssql: adds fill to timeGroup macro. * allow any database for influx proxy * remove * alertmanager: handle resolved alerts, nodata, and execution errors * add regex search of username and password in urls, which are replaced by strings.Replace * notitfiers: avoid ShouldNotify duplication * fix merge error * alertmanager: if there are no alerts to send, do nothing * docker: change port for prom random data scrape target * mssql datasource: wip * docker: mssql and mssql tests blocks with common build context * fix lint problems * fix lint problems * fix lint problems * read aggregate functions from database * add buildAggregateQuery * Update README.md * docker: fake-data-gen:latest updates * Resolved conflict * docs: more details about slack notifier * properly handle IN queries * docs: updates latest release for docs * changelog: improve description of closed issues * renderer: avoid redirect render requests * changelog: adds notes about 5.0.2 * dashboard: fix import dashboard with alert rule * middleware: recover and retry on session start * alerting: supports extracting alerts from collapsed panels * join multivalue variables with , * revert special handling for IN * put values for IN in parens * dont quote where constraints * docker: add test dashboard for mssql for visualizing data generated by fake-data-gen * add regex operators * mssql datasource: support for timeGroup macro function * Added Kilopascals(kPa) under pressure * Added W/m2(energy) and l/h(flow) * folders: should be possible to browse folder using only uid * remove unused setting * dashboards: should be possible to browse dashboard using only uid * mssql datasource: additional data type tests * docker: add mssql block * Added icon for iOS web app * changelog: add note about closing #8151 * alerting: adds back the link to grafana. * Fix CI * Modify Grafana Pagerduty notifier to use Pagerduty API V2 * graph: minor refactor of histogram mode PR #8613 * changelog: adds note about closing #11220 * style: dont expose func outside package * teams: removes quota on route * changelog: adds note about closing #11143 * changelog: adds note about closing #11107 * Second to HH:mm:ss formatter (#11105) * changelog: adds note about closing #10009 * docs: fix an outdated link to Prometheus's doc * Added concentration units and "Normal cubic metre" * Corrected work for graphs created before this feature. * Replaced array values to variables yLeft and yRight for easy reading code. * Rename test file according module name. * prometheus: fix bug introduced by #9859 (httpMethod is undefined) * prometheus: add tests for heatmap mode * prometheus: datasource refactor * Fix urls in plugin update_checker logs * changelog: adds note about closing #10029 * docs: add team api link from http api reference page * added test for sorting and filtering * changelog: adds note about closing #9859 * Refactoring * set default value of httpMethod * support POST for query and query_range * cleanup where segment handling * remove limit * handle variables in where constraints * Adding Timeticks unit * properly quote where constraint parts * quote schema and table * docs: minor fix for dashboard http api documentation * build: cleanup * build: removes custom work dir in deploy. * build: upgrades build pipeline from CircleCI 1.0 -> 2.0 (#11162) * github: test new issue tempalte * dev: update dev prometheus2 to 2.2.0 * changelog: adds note about closing #10925 * docs: update latest to 5.0.1 * push 5.0.1 to package cloud * changelog: adds release date for 5.0.1 * bump master build to 5.1.0-pre1 * move quota to dedicated service * Fix indent * docker: add prometheus/example-golang-random to docker-compose blocks * Fix the code to match the documentation. * rename Context to ReqContext * fix, set default highResolution setting * changelog: note about closing #11145 and #11127 * docs: adds note about closing #10632 * removes commented code * removes unused variables * upgrade to go 1.10 * alerting: fixes validation error when saving alerts in dash * add csv templating format * docs: note about closing #11046 * docs: adds note about #10942 * heatmap: add explanation of Time series buckets mode * Add color to prefix and postfix in singlestat * replaced if with classNames * heatmap: able to set upper/lower bucket bound manually * heatmap: refactor * added media breakpoint to legend-right * Documentation: path "~/go" to "$GOPATH" * Update ROADMAP.md * add panel to list now copy, started on jest * docs: improves docs for alert rules * heatmap: fix Y axis and tooltip decimals and units issues * Append test to check not zero level. * Add bs-tooltip to Y-Align element. * move Context and session out of middleware * only use jwt token if it contains an email address * scrolling: faster wheelspeed * docs: improves provisioning description * changelog: adds note about closing #10975. * changelog: adds note about closing #7107 * changelog: adds note about closing #11103 * changed background for mobile menu background on light theme, increased font size in and added border-right in menu * heatmap: fix tooltip count and bucket bound format * alerting: Limits telegram captions to 200 chars. * changelog: note about closing #11097 * hide row actions for viewers * fixes invalid link to profile pic when gravatar is disabled * changelog: adds note about closing #11016 * fix: restores white resize handle for panels, fixes #11103 * changelog: adds note about closing #11063 * fix typo in heatmap rendering.ts (#11101) * docs: add v5.1 to versions * docs: fill for mysql/postgres * ignore iteration property when checking for unsaved changes * changelog: notes for #11055 and #9487 * use net/url to generate postgres connection url * made drop-menu into link * heatmap: sort series before converting to heatmap. * use metricColumn in query builder * set rawSQL when rendering query builder query * fix group by column * clean up aggregation functions * fix variable interpolation * rename field to column * Fix Prometheus 2.0 stats (#11048) * docs: removed beta notice in whats new article * remove spaces around arguments of macros * remove spaces around arguments before calling macro expansion * docs: update current version to 5.0 * docs: update install pages for v5.0.0 * update version to 5.0.1-pre1 * changelog update for 5.0.0 stable * Add metrics that triggered alert to description * build: updated version * heatmap: hide unused Y axis controls for tsbuckets mode * heatmap: format numeric tick labels in tsbuckets mode * heatmap: add rendering tests for tsbuckets mode * Fix Github OAuth not working with private Organizations (#11028) * login: hide sign up if configured so. Fixes #11041 * permissions: fix validation of permissions before update * dashboard: add permission check for diff api route * permissions: remove client validation and handle server validation * dashboards: change dashboard/folder permission error messages * dashboards: handle new guardian error responses and update tests * folders: handle new guardian error responses and add tests * dashboards: don't allow override of permissions with a lower precedence * Alerting: Fix OK state doesn't show up in Microsoft Teams (#11032) * grammar fix, add dir, and remove redundant info * heatmap: use series names as top or bottom bounds, depends of datasource * heatmap: refactor * heatmap: add few tests for histogram converter * fix: changed react-grid-layout to use grafana fork to a commit before https://github.com/STRML/react-grid-layout/commit/15503084fb7b0af826427c8c0 706901e5745a39f, this fixes all the panel movement bugs, fixes #10831 * heatmap: fix Y bucket size calculation for 'tsbuckets' mode * gave scroll-canvas-dashboard 100% height in kiosk-mode, fixes #11010 (#11017) * docs: update to install pages for beta5 * changelog: update for v5.0.0-beta5 * added admin icon and permission member definitions(role,team,user) * build: update to version 5.0.0-beta5 * [doc] Fix extra alerting options in installation->configuration * yarn: update lock file with tarball change * build: use tarball instead of git commit for tether drop * improve maintainability * docs: fix type in datasource http api * docs: adds accesskey and secret to securejsonfields * support [[variable:type]] syntax * offer template variables for tags * feature for issue #9911 * Added radiation units * docs: update shortcut docs * dashboards: remove non-supported keyboard shortcuts for delete/collapse row * dashboards: fix keyboard shortcut for expand/collapse rows * dashboards: fix keyboard shortcut for remove panel * snapshots: fixes cleanup of old snapshots * docs: minor folder http api changes * Update ROADMAP.md * Update ROADMAP.md * heatmap: fix bucket labels shift * heatmap tooltip: fix bucket bounds for 'tsbuckets' mode * heatmap tooltip: fix count decimals * heatmap: fix tooltip histogram for 'tsbuckets' mode * heatmap: use buckets from histogram with 'tsbuckets' mode * dashboards: created/updated and createdby/updatedby should be set before save * Add unit tests. * Refactoring code * Fix save as dashboard from folder to General folder (#10988) * changed name of copy tab to paste * added no copies div * prometheus: tests for heatmap format * dashboards: cleanup * folders: use folder api for retrieving folder * dashboards: fix batch dashboard/folder delete response * fix: elasticsearch terms size now allows custom values again, fixes #10124 * added highlighter, fixed setState and changed back flex to spacea around * folders: fix create folder in folder picker * added tabs and searchfilter to addpanel, fixes#10427 * snapshots: change to snapshot list query * prometheus: initial heatmap support * docs: update http api index * docs: dashboard and folder permissions http api * docs: folder http api * permissions: use updated api endpoint for dashboard permissions * fix typos in api, acl to permissions * folders: rename folder_acl in api to folder_permission * dashboards: change api route for dashboard permissions * folders: fix typo * folders: extend folder service tests * dev: docker-compose setup for prom2. * folders: folder api tests * fix: scrollbar position now to max right pos, fixes #10982 * Fixes for heatmap panel in Grafana 5 (#10973) * docs: updated cloudwatch docs add dimension filter as a option for dimension_values query. * folders: folder permissions api tests * dashboards: make fake dashboard guardian available to other packages * fix: added new known data source plugins, and minor migration fix for v1 dashboards * folders: folder permission api routes * folders: fix api error mapping * folders: basic integration tests for folders * folders: use new folder service in folder api routes * folders: new folder service for managing folders * dashboards: created date should be set when creating a folder/dashboard * fix: fixes to signup flow, fixes #9816 * Refactoring code. Change Y-Zero to Y-Level. * fix: fixed github oauth login with allowed orgs filter, fixes #10964, reverts #10851 * fix: plugin dashboard did not get plugin id after import * feat(ldap): Allow use of DN in user attribute filter (#3132) * added scroll to org list modal (#10960) * added an if to check for null to sort null as 0 (#10961) * fix: alert history list now shows on graphs with manually added annotation events, fixes #10968 * provisioning: dont ignore sample yaml files * docs: updated for changelog and docs with beta4 * Correct typo in DashboardInputMissingError * build: updated build version to v5.0-beta4 * graph: added 0.5 point radius option * Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900) * influxdb: escape backslashes in tag values (for alerting) * [elasticsearch] Allow nested fields for annotation source (#10936) * changed m3 and dm3 to fixedUnit, fixes #10920 (#10944) * migrate panels in collapsed rows (#10948) * Share zero between Y axis. * Add hook processRange to flot plugin. * login: migration fix. * login: uses epochs for login throtting. * fix: fixed redirect after save, fixes #10946 * fix: esc key now closes panel edit/view mode as usual, fixes #10945 * docs: updated to beta3 * alerts: refactoring tests * alerting: pausing alerts modifies updated. * test: added integration test for #10941 * refactoring: alert rule query refactoring (#10941) * updated version to v5-beta3 * db: reduce name column size in dashboard_provisoning * teams: adds some validation to the API * docs: status code changes for Team API * docker: add test dashboards for mysql and postgres for visualizing data generated by fake-data-gen * cli: download latest dependency by default * Revert "removes dependencies install for plugins" * migrate minSpan (#10924) * Close modal with esc (#10929) * repeat row: fix panels placement bug (#10932) * docs: team API. Closes #10832 * Update sample.ini * Update ldap.toml * Update ldap.md * Minor typo fix * plugins: update meta data for all core plugins * alert notifiers: better error messages. * support cloudwatch high resolution query * chore: adds comment for exported function * updated download links * docs: Updated changelog * updated package.json version * fix: more phantomjs fixes * fix: refactoring #10922 * Fix phantomjs legend rendering issue, #10526 * mark redirect_to cookie as http only * dashboard: whitelist allowed chars for uid * updates readmes for mysql and postgres (#10913) * Set default threshold axis to 'left' for panels created before this feature. * provisioning: adds setting to disable dashboard deletes * tech: dont print error message on 500 page * removes dependencies install for plugins * tests: makes sure we all migrations are working * provisioning: uses unix epoch timestamps. (#10907) * improve error message for invalid/unknown datatypes (#10834) * add AWS/States Rekognition (#10890) * Dashboard acl query fixes (#10909) * wip: dashboard acl ux2, #10747 * permissions: refactoring of acl api and query * bug: return correct err message * initial fixes for dashboard permission acl list query, fixes #10864 * provisioing: always skip sample.yaml files * provisioning: handle nil configs * sql: removes locale from test to mirror prod. * adds tests that validate that updated is correct * provisioning: code formating * provisioning: adds logs about deprecated config format * provisioning: support camelcase for dashboards configs * provisioning: support camcelCase provisioning files * API Integration Tests via jest (#10899) * ux: refactoring #10884 * Invalid url in docs * Duplicate typo fixed * add 13-24 for min width (#10891) * sass/base: import from current dir in _fonts.scss (#10894) * fix: removed logging * fix: sql search permissions filter fix * provisioning: Warns the user when uid or title is re-used. (#10892) * Minor typo fix * new dashboard is now hidden from viewer, fixes #10815 (#10854) * fixed bg gradient, fixes #10869 (#10875) * login: fix broken reset password form (#10881) * moved div in code * added buttons and text to empty dashboard list * docs: spelling. * docs: update dashboard permissions http api docs * Cloudwatch dimension_values add dimension filter. * dashboard: always make sure dashboard exist in dashboard acl http api (#10856) * Fix #10823 (#10851) * provisioning: better variable naming * ux: minor tweak to grid resize handle color * teams: use orgId in all team and team member operations (#10862) * permissions: might have a solution for search * Fixes for graphite tags editor (#10861) * fix: clear items list before fetching permissions list * provisioning: dont return error unless you want to cancel all operations * provisioning: createWalkFn doesnt have to be attached to the filereader anymore * provisioning: update sample config to use path * provisioning: avoid caching and use updated field from db * update README.md regarding running tests * update README.md regarding running tests * docs: minor docs update * docs: updated docs landing page * provisioning: delete dashboards before insert/update * user picker should only include users from current org (#10845) * Correct code style. * db test: allow use of env variable for database engine to run tests for * dashboard and folder search with permissions * provisioning: fixed bug in saving dashboards. * dashboard: fix delete of folder from folder settings tab. * append test to thresholds on right axis * Update logic for create/update dashboard, validation and plugin dashboard links (#10809) * added width class to add member choose (#10835) * add where constraint handling * add query_builder * docs: adds uid to dashboard.json reference docs * Fix #7107 * fix: initial fix for #10822 * fix: folder redirect after creation * dashfolders: fixes #10820 * fix: fixed bug with redirect after new dashboard saved, related to buggy angularjs location path/url and base href, fixes #10817 * docs: describe uid for dashboard provisioning * fix: removed old shortcut that does not exist, fixes #10802 * build: fixed recovery test * fix: css fix, found a better way to fix #10772 * fix: minor build fix * fix: error handling now displays page correctly, fixes #10777 * heatmap tooltip: minor refactor * fix: changed dashboard title length to match slug length, will fix mysql index size issue, fixes #10779 * docs: added graphite section * docs: minor update * graph panel: fix csv export (series as col) (#10769) * org-switcher: should redirect to home page (#10782) * embedded panel: hide side menu during init (#10788) * docs: update http api for api index, dashboard, folder and dashboard search * scroll: css for #10722 * dashlist: scroll fix when no header * docs: video fix * Update changelog with deprecation notes of http api * redirect "permission denied" requests to "/" (#10773) * docs: fix * scroll: use wheelpropagation. Ref #10772 * docs: update dashboard model, persistent urls and api changes in what's new in v5 * docs: fix download link * docs: minor update * docs: adds http api dashboard permissions * docs: updated whats new * docs: update dashboard model, new url structure and api changes in what's new in v5 * build: updated publish script * docs: update docs with download links * build: increased version to beta1 * fix: fixed permission list caching issue, fixes #10750 * Stale permissions (#10768) * adds unique index for org_id+folder_id+title on dashboards (#10766) * docs: fix links in HTTP API Reference page * dashboards: render correct link for folder when searching for dashboards (#10763) * fix panel menu caret placement (#10759) * permissions: fix link to folder from permissions list * dashboard: fix loading of snapshot and scripted dashboard (#10755) * changes to new urlformat for home dashboard (#10738) * fix: alert list links did not work, changed dashboardUri to Url, this is breaking api change in alert api (#10756) * docs: typos and wording. * ux: hide sidemenu in kiosk mode, and while playlist is playing, fixes #107402 * dashboard: fix redirect of legacy dashboard url's * make metricColumn functional * add metric column selector * docs: add spaces to timeseries example * fix: restored tags to search * fix frontend validation for creating new folder and import dashboard (#10737) * #10724 Fix whitespace * poc: merge sync * #10724 Fix finding the x bucket * docs: dashboard provisioning * handle new error message * removes uid when using 'save as' * dashfolders: rename Root folder to General. Closes #10692 * Light theme icon color (#10730) * folders: use new folder api in frontend * folders: changes and updated tests after merging permissions and new url structure * folders: rename api files * dashboards: revert logic of returning 404 in dashboard api if it's a folder for now * db: fix failing integration tests for mysql and postgresql * docs: add examples for dashboard permissions * Update search datasource by name API path * fix for dashboard/folder url's when having a sub path in root_url config * ux: added max width to dashboard settings views * add gofmt as precommit hook * dashfolders: adds test for permission store * dashfolders: adds permission modal to dashboard settings * register handler for get dashboards by slug * make it easier for dashboards to generate ur; * changes dashboard url in alertlist * alert: use new url format * Improve logging in the phantomjs renderer (#10697) * route params from angular to view store should be updated on routeChangeSuccess * repeat panel: process repeats when row is expanding (#10712) * folders: changes needed due to merge * docs: removed section with session table sql, that is not needed anymore * ux: fix for responsive breakpoints and solo mode showing sidemenu * support multiple histogram series * docs: moved whats new article to master * ux: fixed issue with zoom on graph caused scroll, fixes #10696 * dashboard: refactor logic for retrieving url for folder/dashboard * update text, fix a few typos * dashboards: update dashboard/folder url if browser url is not the same as from backend * dashboards: when restoring a dashboard to an older version, set current uid * dashboards: fix updating folder so that correct url is returned * dashboards: remove slug property in dashboard search responses * folders: change the front end route for browsing folders * dashboards: add validation to delete dashboard by slug * dashboards: new route for deleting dashboards by uid * plugins: return table with empty rows array insteaf of nil * retry uid generation * fix: use replace when redirecting to new url * ux: Change input width of UserPicker and TeamPicker in AddPermissions component #10676 * viewstore: fix test after merge * tests: Add TeamPicker test and update TeamPicker/UserPicker snapshots so they match the latest classNames update #10676 * dashfolders: fix for folder picker * ux: Add an optional className to the UserPicker and TeamPicker #10676 * dashfolders: fixes #10671. Allow Editors default access to Root. * docs: added redirect from old provision page, #10691 * tests: Move tests from Permissions to AddPermissions #10676 * tests: Update tests in PermissionsStore and rem out the Permissions-tests for now #10676 * docs: added permissions page and updated folder docs * dashfolders: text change * dashfolders: special case for folders in root * add groupby to querybuilder remove unused aggregations * gofmt... * spelling * Verifies requirement of id in dashboards. * ux: POC - Update "Add permissions" design and add a fancy animation #10676 * ensure dashboard title is unique in folder * docs: Remove obsolete Ansible rule (#10689) * docs: Fix outdated provisioning link (#10690) * Renamed "Period" to "Min period" in CloudWatch query editor (#10665) * created cta-bg variable and changed bg color on light theme (#10693) * Repeat panels when row is expanding (#10679) * dashboards: make scripted dashboards work using the old legacy urls * dashboards: redirect from old url used to load dashboard to new url * docs: updated whats new * playlist: fixes #10254 * dashboards: add new default frontend route for rendering a dashboard panel * alerting: small refactoring * dashfolders: POC - Use separate component for "Add permission" #10676 * removes uniqnes check on slug when saving dashboards * Drops unique index orgid_slug from dashboards. * plugins: return empty tables array insteaf of nil * url: fix for bsclean querystring parameters * moved icon (#10681) * docs: updated whatsnew * docs: progress on whats new article * docs: updated version * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * dashboards: fix links to recently viewed and starred dashboards * dashboards: use new *url* prop from dashboard search for linking to dashboards * dashboards: when saving dashboard redirect if url changes * dashboards: add new default frontend route for loading a dashboard * dashboards: return url in response to save dashboard. #7883 * dashboards: ensure that uid is returned from getSaveModelClone * alertlist: disable pause button when user does not have permission * dashboards: revert adding api for retrieving uid by slug * util: remove retry logic in shortid_generator * dashboards: add url property to dashboard meta and search api responses * dashboards: api for retrieving uid by slug. #7883 * dashboards: add support for retrieving a dashboard by uid * dashboard: change unique index for uid to include org_id * dashboards: return uid in response to creating/updating a dashboard. #7883 * dashboards: extract short uid generator to util package. #7883 * dashboard: fix failing test. #7883 * dashboard: generate and include uid in dashboard model. #7883 * db: add migrations for creating a unique index for uid. #7883 * db: add migrations for generating uid for existing dashboards. #7883 * db: add new column uid to the dashboard table. #7883 * enhance render function * add postgres_query.ts * moved icon (#10681) * dashfolders: remove inline styles * fixed width of images and removed gifs and fixed text a bit in search * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * new gifs for search * docs: adds more info about whats new in v5 * docs: updated versions.json * alerting: add permission check in api for pausing alerts * query builder changes * dashfolders: adds comment for dashboard api tests * more query builder components * docs: added versions file * dashfolders: adds comment for dashboard acl test * api: extract api test code to common_test.go * repeat panel: minor refactor * WIP: folder api. #10630 * changed img for shortcuts * replaced img in export_import and sharing * Fix horizontal panel repeat. Fix #10672. * dashfolders: Add min-width to align icons in permissions list and some margin between icon and text #10275 * ui: Fix Firefox align issue in dropdowns #10527 (#10662) * fix: InfluxDB Query Editor and selecting template variable in where clause caused issue, fixes #10402, fixes #10663 * dashfolders: link to folder for inherited permissions * test: Update Tooltip test to check for className support * changed img-link for timerange imgs and some text * fix: remove repeated rows when repeat was disabled. (#10653) * test: Update Popover test to check for className support * dashfolders: Get rid of unused import #10275 * dashfolders: Use grafana's question mark instead of FA's and use the react tooltip instead of angular's #10275 * dashfolders: Add className to Tooltip component * fix: don't show manually hidden sidemenu after view mode toggle (#10659) * dashfolders: css class as parameter for Picker * dashfolders: select with description for permissions * fix: show sidebar after mouse wheel scrolling (#10657) * fix: tweak of PR #10635 * ux: minor tweak of #10634 * plugins: only set error if errorstring is not empty * Revert "Fix typeahead to avoid generating new backend request on each keypress. (#10596)" * call render in query * dashfolders: add help popover. Add folder title for inherited permissions * dashfolders: use react component for dashboard permissions * added hash rate units for monitoring mining processes * replaced input with gf-form-dropdown * reverted media queries * graphite: fix nested alerting queries (#10633) * fix for sm * added media break for md and sm * dashfolders: add disabled Admin permission to list * tech: upgrade to golang 1.9.3 * Locks down prometheus1 to v1.8.2 in live-test. * fix typo in parameter. (#10613) * dashfolders: autosave permissions on change (remove update button) * changelog: move all 4.7 changes into 5.0 * changed some img-links, updated text for annotated img, more work on whats new in v5.0 * changelog: be more explicit about backwards compatibility * WIP: Protect against brute force (frequent) login attempts (#10031) * dashfolders: fix tests for ViewStore after merge * Fix typeahead to avoid generating new backend request on each keypress. (#10596) * fix vertical panel repeat (#10619) * graph: fix series sorting issue (#10617) * dashfolders: New snapshot since we changed from defaultValue to value per latest React documentation #10275 * refactor: Replace _.find with Array.prototype.find() * dashfolders: Convert mobx observable to js objects and remove the observer() since we want to use the component outside the react/mobx world #10275 * dashfolders: Clean up more variables and move newType, aclTypes and permissionOptions to the store #10275 * dashfolders: Remove variables not used and pass in the real dashboardId #10275 * dashfolders: Remove those 2-line-components from PageHeader to make it easier to read and make sure components listening to the mobx state are wrapped with observer() #10275 * dashfolders: Add support for breadcrumbs in NavStore #10275 * dashfolders: Rename UserPicker folder => Picker. Inject the permission-store in the FolderPermissions-container instead of the Permissions component, add the PermissionsStore to the RootStore and and the error-message to the Permissions-store #10275 * dashfolders: Add Permissions information box #10275 * dashfolders: Fix page max width #10275 * dashfolders: Update jest tests with backendSrv #10275 * dashfolders: Add a Team Picker component and use it on the dashboard permissions page #10275 * dashfolders: Working user picker on the dashboard permissions page #10275 * dashfolders: Send down backendSrv to the react components #10275 * dashfolders: Re-use the API of the angular user picker instead, which is reusable #10275 * provisioning: delete dashboards from db when file is missing * dashfolders: Remove the PermissionsInner-strategy since we have a container for this route now #10275 * dashfolders: Permissions are injected via MST so it needs to be defined as optional #10275 * dashfolders: Add FolderPermissions container and make sure isFolder is passed to PermissionsStore #10275 * dashfolders: Always get dashboardid and backendsrv from props #10275 * dashfolders: Rem code to avoid tests to fail #10275 * wip: More on the permissions. Left are team picker and user picker, tests and error messages #10275 * fix: mobx-react-devtools is a dev dependancy #10275 * dashfolder: wip: More wip on acl.html2permissions.tsx #10275 * dashfolders: wip - Move Permissions into React #10275 * variables: lint fix * variables: fix when datasource returns error * fixes broken phantomjs rendering * added varibale to table hover, lightend colors for table light theme, fixes #10609 (#10611) * added whats new v5, changed link in notifications, removed row from getting started * fixes minor typo * provsioning: dont stop grafana due to missing * Disable prefix and postfix font size when gauge mode is enabled (#10573) * docs: improve docs for image uploaders * cfg: remove local as default image uploader * docs: Add haproxy example for running behind reverse-proxy * provisioning: enables title changes for dashboards * Cloudwatch: add support for multi instances (#10570) * ux: minor change, added import dashboard link to dashboard search side view * tech: adds/removes in vendor folder according to dep 0.4.0. * docker: sync local time and timezone to mysql_tests block * dashfolder: fix for sqlite test * dashfolder: fix for mysql test * mysql: pin the mysql dependency * tech: ignore /public and /node_modules * tech: ignore /data folder for dep * docs: first draft of dashboard folders docs * plugins: map error property on query result * stats: send amount of stars as stats * tech: avoid using deprecated functions * style: minor code style changes * dashboards: save provisioning meta data * provisioing: add lookup table provisioned dashboards * refactor: minor css class naming change of #10505 * refactor: minor refactoring of PR #10560 * cloudwatch: fix ebs_volume_ids by create a client-session before call ec2:DescribeInstances. (#10566) * docker: use mysql and postgres from latest fake-data-gen * Update OpsGenie Notifier to support different api domains. * 10583 panel resize icon fix (#10585) * dashboards: Fix issue with first click when expanding folder in search * cfg: adds info about local img uploader to docs * docs: adds info about local img uploader * changelog: adds note about closing #6922 * changelog: note about closing #9664 * changelog: adds note about closing #9770 * start query builder ui * Disable instead of hide mode options when line/points is unchecked * dashfolders: show folders use can save to in picker * dashfolders: fix bug in save as modal * Add lumens unit * add docs for configuring OAuth with Auth0 and Azure AD * install dep instead of govendor on setup * remove unused code from vendor * migrate from govendor to dep * fix: cloudwatch corrected error handling so original error is not thrown away * go fmt * support for decoding JWT id tokens * ds: updated ds nav * feat: ds edit fix * feat: ds edit nav * Generic Oauth Support for ADFS (#9242) * Recommend a limit on database query * Adjusted the border color on the buttons in dashboard nav, fixed alert email text area width, fixed padding-top issue on dashboard settings aside * dashfolders: stop user locking themselves out of a folder * dashfolders: add breadcrumbs to NavStore * codestyle: extract code into methods * mysql: convert numbers to text for annotation tooltip * mysql: update to use ColumnTypes interface in new version * mysql: update mysql driver to latest master * gofmt my dear friend * ux: updated react-layout-grid * plugins: send secureJsonData unencrypted * Make file_reader follow symlinks * dashboards as cfg: property path replaces folder * moves datasource plugin model to grafana/grafana_plugin_model * Update package.json * fix: fixed build issue * fix: multi valued query variables did not work correctly, fixes #10539 * move graphite /functions parsing into gfunc.ts * remove duplicate sass rules * fix tests & some display issues * fix: graphite func editor fixes, this component is messy and ugly as hell * fix: minor fixes * fix: restored previous behavior of form_dropdown, this fixes all my observerd bugs with the dropdown behavior * fix: query editor needs to wait for function definitions to load * fix issue with metric find & functions being loaded multiple times * interpolate variables in tags & values during autocomplete * fix typo * update rst2html * fix line length, run jscs & jshint in precommit * function description formatting * tooltips for function definitions * support specifying tag_values("") as graphite template query * use typeahead value in graphite find requests * send prefix when auto-completing tags * add button to trigger evaluation of tag queries * sync function categories with graphite-web * work on tag dropdown behavior * support for loading function definitions from graphite * Update building_from_source.md * Update README.md * Update default_task.js * Clearer naming for dashboard provisioning config. * ux: dashboard nav and settings tweaks * Tag filters in search (#10521) * fix: save as enter key now works and folder selection also works, fixes #10464 * use context over golang.org/x/net/context * docs: small update to IIS proxy docs * added a variable for grid color and if statment to switch colors, fixes #10509 (#10517) * dashboards as cfg: logs error when trying to import dashboard with id * code style fixes * dashfolders: bugfix after rename * dashfolders: bugfix after rename * Adds Table in backend datasource contract. * fix: share snapshot controller was missing ngInject comment, fixes #10511 * Use URLEncoding instead of StdEncoding to be sure state value will be corectly decoded (#10512) * Optimize metrics and notifications docs * Optimize cli and provisioning docs * imguploader: Add support for new internal image store (#6922) * docs: Guide for IIS reverse proxy * changelog: adds note about closing #9645 * telegram: Send notifications with an inline image * telegram: Switch to using multipart form rather than JSON as a body * telegram: Fix a typo in variable name * dashfolder: refactor breadcrumbs in PageHeader * dashfolders: convert folder settings to React * Adds Tables types to protobuf * fix: alert list pause/start toggle was not working properly * fix template variable selector overlap by the panel (#10493) * Review tsdb protobuf contract * dashboard: Close/hide 'Add Panel' before saving a dashboard (#10482) * supports windows compatible plugin binaries * fix: removed unused param * Fix variables values passing when both repeat rows and panels is used (#10488) * moved angular-mocks out of dependencies * ux: minor change to alert list page * ux: minor word change to alert list * fix: updated snapshot test * moves plugin proxy to plugin package * Add eu-west-3 in cloudwatch datasource default's region (#10477) * fix: Make sure orig files are not added to git again #10289 * improves name for plugin logger * fix: Remove conflict file #10289 * text panel: fix $apply already in progress error (#10486) * uses pluginmanagers log instead of global * 10389 react tooltip components (#10473) * test: Updated snapshot for UserPicker jest test #10289 * ux: When adding a new panel we should scroll to top until we figure o??? (#10417) * removes commented code * naming fixes and added test file * makes datasource handshake more explicit * backend plugins: improves logging * dashfolders: show/hide create folder or dashboard buttons * dashfolders: fix mergeconflict error * dashfolders: prettify * dashfolders: check permissions for new dashboard * dashfolders: allow any signed in user to get list of teams * fix gofmt warning * dashfolders: permissions for saving annotations * dashfolders: disable save button after save of acl * dashfolders: on folder page, hide tabs if not has admin permission * dashfolders: remove role requirements on dashboard routes * dashfolders: must have admin permission to save/see dash acl * dashfolders: prettify on tests file * dashfolders: permissions tab in dashboard settings * dashfolders: permissions tab for dashboard folders * fix for unsaved changes popup on tab close/refresh * fix: Clean up logging and remove unused css #10289 * fix: Rename directive user-pickerr (yes two r's) to select-user-picker * fix: Accidently added the conflict files (#10289) * test: Add snapshot tests for UserPicker and UserPickerOption (#10289) * fix: Add interface for props to UserPickerOption (#10289) * ux: POC on new select box for the user picker (#10289) * dashboard: fix opening links in new tab (#10465) * alert list: fix rendering timeout when share panel (#10467) * fix missing profile icon (#10469) * More fixes for relative urls when running Grafana under a different sub path (#10470) * put this.props.search in the Highlighter * moved state handling for search to store * Delete CopyQuery.png * Delete tgr288gear_line6.pdf * fix: added back colors to rootScope, fixes #10462 * fixed the subUrl bugs from https://community.grafana.com/t/suburl-not-work-at-some-links-and-buttons/4 701 with folder/settings/teams etc. * added /** @nginject */ * Fix typo in error message * updated snapshot * styling fix * added highlight to search * Updates go-stack to v1.7.0. * docs: adds note about tlsSkipVerify to docs * fixed regex issue * made a view of filtered list * updated jest file and snapshot * Remove silly noise * Update tests to match new reality, and rejig the implementation a bit to truly work as desired * Align queries to prometheus with the step to ensure 'rate' type expressions get consistent results * plugin: fix path for app plugins on windows * added search function * new styling and markup * cleanup: removed unused typescript typings import * new add alert notification channel icon * mobx: poc in using each store as individual prop on the react containers (#10414) * fix: Change max size of panel JSON editor so button is shown on smaller screens, #10346 (#10415) * poc: began react panel experiments, step2 * poc: began react panel experiments, step2 * Add AWS/AmazonMQ namespace metrics to CloudWatch tsdb (#10407) * add docs for using oauth login with OneLogin (#10385) * Update built_in_plugins.ts * poc: began react panel experiments * added empty list cta to notification channels, fixes 10393 (#10400) * mobx: fixed issue with view store, and added missing snapshot * tech: enzyme container test working * tech: enzyme container test working * react: trying to get enzyme and mobx tests working * tech: url and query mobx store so now react components and containers can read and modify url path and query via mobx store * tech: alert list react migration progress * fix info popover, #10302 (#10377) * fix move dashboard variables, #10347 (#10375) * dashfolders: relative links should work when root_path is specified (#10363) * fix mixed datasource add query button, #10316 (#10361) * tech: react mobx progress * Doc version and schemaVersion properties of dashboards * tech: began reworking alerting list to mobx * tech: progress on react pages * prom: fixes broken test * prom: make $__$interval the first suggested range vector * fixes log typo * imguploader: log if the configuration is invalid * changelog: adds note about closing #8955 * renderer: avoid calling Handle twice * migrated file to ts * dashboards as cfg: moves dashcash into its own file * dashboards as cfg: create dashboard folders if missing * fixed error * migrated files to ts * tests: for skipping with hidden folders * Implement Azure Blob external image uploader * migrated datasource to ts * tech: minor progress on mobx state tree & react containers, working on unit testing * Fix tooltip unit when legend isn't shown (#10348) * refactor: minor refactoring of PR #10236 * don't save dashboard on make editable, #10236 * fix scripted dashboard loader, #10350 (#10351) * new aws region cn-northwest-1 (#10353) * Dashboard: View JSON improvements (#10327) * refactor: tried to simplify and also minimize scope a bit for #10323 * ignore trailing whitespace (#10344) * (prometheus) show label name in paren after by/without/on/ignoring/group_left/group_right * dont spawn new subprocess while shutting down * Fix small singlestat value display * fix: fixed issue with optimized build, fixes #10333 * migrated file to ts (#10328) * plugins: restart killed plugins * query result should be a map * prom: removes limitation of one query per tsdb call * changelog: adds note about closing #10222 * pagerduty: fixes invalid default value * fix: remove unused code * dashboard: copy panel to clipboard * pagerduty: adds test for reading auto resolve setting * code formatting fix * migrated files to ts + fixed specfile * tech: cleaned up unused stuff * ux: removed unused stuff form style guide * prettier: ran on all files again, sorry. now settings are defined in package.json * tech: mobx tests * Add avatar to team and team members page (#10305) * Various dashboard folders improvements (#10309) * mobx: progress on poc * test for plugin path builder * merge backend datasources and datasources * use int64 for timestamps * fixes invalid valud/timestamp order * fix: unit test fixed * prettier: change to single quoting * ux: minor name change to search sections * db: fix postgres regression when comparing bsclean columns/values (#10303) * dashboard: delete row improvements * poc: mobx test * fix missing comma in documentation output example * fix broken link (#10291) * minor fixes and formatting after review * dashfolders: use validation service for folder creation and dashboard import. #10197 * dashfolders: support creating new folder when moving dashboards. #10197 * dashfolders: support creating new folder when saving a dashboard. #10197 * dashfolders: support creating new folder in dashboard settings. #10197 * dashfolders: support creating new folder from the folder picker. #10197 * poc: mobx poc * tech: ran prettier on all scss files * tech: ran pretttier on all typescript files * search: closes dash search when selecting current dashboard (#10285) * fix: Original dashboard link from snapshot should be an a-tag, not a button (#10269) (#10283) * dashboard: fixes #10262 * added new to new dahsboard and folder * test: Update test with new component signature * pushover: update default message * delete unused icon files * fix: The /logout route should always full page reload (#10277) * tech: added prettier to precommit * ux: Add icon to selected option in PageHeader navigation on small screens, update select boxes for Firefox so the arrow to the right is aligned with the other select boxes (#10190) * ux: Fix color picker positioning when scrolled down to the bottom of a page (#10258) (#10271) * test: remove unused code * alerting: make alert extractor backwards compatible * alerting: move test json into files * Use strings.TrimPrefix to make sure relative url doesn't start with forward slash * Update README.md * fix: Navigation on small screens when Grafana is installed in a sub directory (#10252) (#10261) * cloudwatch: fixed optimized build issue, fixes #10174 * fix text panel rows limit (#10246) * use ace editor in panel edit (#10245) * docs: mysql example with macro * docs: mysql macros update * fix: reduced team name column length, fixes #10244 * ux: Add missing icon for login with grafana-com, fixes #10238 (#10249) * Kinesis Metric Capitalization * merge backend-datasource and datasource type * dashfolder: nginject fix * teams: missing nginject attribute * grid: disable resize and drag on non editable dashboards, closes #10235 * logging: removed logging from panel loader * menu: fixed create default url * fix: dont show settings for viewers * prometheus: change default resolution to 1/1 * fix: viewers can edit now works correctly * fix: fixed minor ux and firefox issues, fixes #10228 * ux: minor fixes * profile: use name or fallback for profile page * fix: sidemenu profile main text is now username instead of name * build: update master version to 5.0.0-pre1 * dashfolder: change to migration text * ux:s sidemenu icon rules * teams: add team count when searching for team * changed background color for infobox and new blues in light theme, light theme now uses blue-dark in panel query (#10211) * ux: fixed navbar issue when sidemenu closes * ux: minor position change for layout selector, fixes #10217 * fix: view json from share modal now works, #10217 * ux: used new add data sources icon * dashfolders: styling of selected filters * dashfolders: styling of selected filters * dashfolders: fix moving plugin dashboard to folder * changelog: adds note about closing #9170 * dashfolders: fix folder selection dropdown in dashboard settings * fix for merge conflict * add links for large cta * resolve merge conflict * dashfolders: bulk move/delete improvements * snapshots: fixed snapshot issues, fixes #10214 * docs: include all notifiers type * replaced old table with filter-table, removed edit button, made whole rows to links * playlist: fixed playlist buttons in dashboard header, fixes #10213 * docs: update latest version to 4.6.3 * ux: minor changes to search input * Magnifying glass on search fields #10188 (#10206) * templating: made templateSrv globally accessable as ES6 module, DashboardRow can not interpolate row title * fix: ignore row clones in schema migration * proxyds: delete cookies except those listed in keepCookies * dshttpsettings: Move whitelisted cookies to end of config page * proxyds: failing test for keepCookies * dshttpsettings: add field for cookies that should be kept * dashfolders: /dashboards should render index page with a 200 OK * update version for packagecloud * dashfolders: bulk move/delete improvements * add release date for 4.6.3 * fix: after removed file * dashfolder: fix after backendSrv change * dashboard: fix test after merge conflict * orgswitcher: update test * Avoid ID validation before provisioning dashboards * annotation icon fix * udpate dark json icon * dashboard settings icons * replace icon on dashboard list (fa-th-large - looked squished) with a smaller version of dashbord icon. This may not be the best way to do the css, so it's a separate commit * new icons created and added to nav * changelog: adds note about closing #7481 * fixes broken unit test * alertmanager: endAt should only be used if we have the correct value * alertmanager: code style * alerting: reduce log level for notifiers * Alertmanager notifier: add "metric" labels if no tags * Alertmanager notifier: make it match the new notifier interface * support alertmanager * Replace Read Only Editor role with ViewersCanEdit setting (#10166) * dashfolders: bulk move dashboards synchronously * dashfolders: remove error message when moving to the same folder. #10135 * teams: Fixes to edit team page * ux: minor text change to #10177 * made template link look like input (#10198) * minor tweaks * execute process directly instead of creating sub shell * Dashboard grid fixes (#10194) * refactor: minor change to #10199 * fix broken 'd r' shortcut (refresh dashboard) (#10199) * ux: updated login page * fixes switching org when url contains orgId querystring param * build: fixed build issue * ux: refactoring login page change * navmodel: fix for signout link on pref page * change protip to go to manage dashboards * search: worked on search results * added select-wrapper to where it was missing for unified look * changelog: adds note about closing #10151 * ux: wip - Login animation POC (#9879) * changelog: adds note about closing #9318 * ux: Move "Sign up" and "Reset password" to its own pages - and remove all inline styling (#9879) * fixes broken alert eval when first condition is using OR * ux: org user management changes * removes unused property * fixed edit team header, fixes #10172 * changed width to input fields (#10184) * ux: added search box to ds list page, closes #10106 * ux: change members to users * plugins: fixed plugin edit page and plugin page * dashfolders: Minor css fixes for bulk edit * dashfolders: Minor css fixes for bulk edit * docs: SSL Mode config settings for Postgres * dashfolder: settings page for folder * removes verbose logging * fix: FolderId and IsFolder when saving dashboard * ux: fixed inactive view mode and removed animation * removed unused declaration * updated dashlink editor, now has list * fix: Handle state when no password is entered on registration page (#9879) * adding support for sgl native time datatypes * added missing cases for DATETIME datatype * ux: move add member into its own page (#10167) * Add a per-notifier ShouldNotify() * minor fix for #10136 * Fix graph legend scroll (#10169) * fix colorpicker colors order (width issue) (#10170) * graphite: remove check so that query is sent even for possible non leaf nodes * fix: fixed build failure * ux: Use the previously renamed classes (#9879) * fix: fixed dashboard api tests * fix: don't detect graphite version before it's saved * updated new dashboard folder * ux: style tweaks * ux: Update ui of login buttons via third parties and add link to sign up page (#9879) * redesigning links editor * ux: search look update * tech: updated version for react-grid item * build: fixed unit test failure * Extracted row matching function and added comments * allow overriding dashboards from api * redesigning links editor * graphite: minor fix for PR #10142 the query was being sent for every segmen t you selected before you completed the metric path * build: fixed broken test * refactor: minor change to panel json fix PR #10156 * Move panel JSON editor to modal dialog (#10156) * ux: minor updates to dashboard settings * ux: dashboard settings updated * new dashboard and folder in search (#10152) * avatar: avoid concurrent map writes * redesign dashlinks * fix: fixed issue with optimized build grid directive missing ngInject comment, fixes #10161 * annotations: allows template variables to be used in tag filter * Add default message for Pushover notifications * refactor: format files by gofmt * ux: Adjust margins when external auth providers are enabled (#9879) * ux: dashboard settings progress * ux: dashboard settings work progress * dashfolders: new dashboard with folder selected * ux: wip - Push pixels for new login, remove inline styling, change so we use media queries using min-width instead of max-width and make sure it looks ok across all screen sizes (#9879) * ux: dashboard settings work progress * backend plugins: manage plugins lifecycle with context * ux: dashboard settings progress * ux: dashboard settings progress * ux: dashboard settings progress * backend plugins: dont swallow errors * fix: fixed failing test * backend plugins: cleanup protobuf files * ux: dashboard settings progress * backend plugins: add more datasource params * Type-agnostic row merge in table transform for multiple queries * ux: dashboard settings progress * ux: fixed navbar and sidemenu z-index issue and improved responsive rules * code style * implement upstream changes * fix: fixed build failure * changelog: adds note about closing #10131 * Explicitly specify default region in CloudWatch datasource (#9440) * add encoding param * wait for all sub routines to finish * fix function re-ordering broken in #9436 * add missing value fill code to mysql datasource * hyphenhyphen * support metric trees of varying depth, never send '.select metric' to graphite * simplify function parameter addition * ux: dashboard settings progress * fix typo * ux: minor changes * implement missing value fill functionality for postgres * allow optional 3rd argument to timeGroup to control filling missing values * ux: navbar progress * improve handling of query references * build: fix for tslint * ux: form styles polish, improvement but can be better * pass tsdbQuery to transformToTimeSeries and transformToTable to get access to selected frontend timerange * demonstrate parseTarget issue * fix: fixed panel size rerendering issues * pass Query to MacroEngine Interpolate * ux: work on dashboard settings views * dashfolders: Do not allow loading a folder as a dashboard * fix: Remove console.log * dashfolders: Folder picker should set correct default values. Fixes #10135 * refactor: user groups to teams, replace rest mentions * refactor: user groups to teams, rename backend files * refactor: user groups to teams, rename frontend files * refactor: rename User Groups to Teams * changelog: adds ntoe about closing #10111 * ux: forms style font size change * ux: dashboard settings progress * postgres: change $__timeGroup macro to include "AS time" column alias (#10119) * new timepicker is working * dashfolders: Create nav model for folder page client side #10083 * ux: minor change to new folder page * fix for search dropdown on small screen + icon overlapping fix (#10091) * ux: added react scrollbar component and added it to add panel panel * tech: updated ngreact and with custom PR applied * refactoring: #10130 * Revert "Don't animate panels on initial render (#10130)" * Don't animate panels on initial render (#10130) * refactoring: fixing bug when all values are null * fixes broken test * dashfolders: Hide search input area when showing CTA. #10083 * ux: graph legend refactoring * improve error handling for datasources as cfg * improve sample datasource.yaml * make gitignore more generic * grid css transforms: minor refactor (#10128) * dashboard grid: enable CSS transforms (#10125) * fixes issue with datasource/dash as cfg and gitignore * refactoring: changing how graph height and legend height is calculated, using flex box seems to actually work, #10079 * dashfolders: create folder page * refactor: removed graph height from legend decimal calc * dashfolders: css fix * fixes failing tests * dashfolders: New Dashboard Folder page * fix: move components tests to specs folder * Fix go fmt * kill plugin processes when grafana shuts down * fix: v5 sidemenu & link to shortcuts now works, fixes #10087 * separate plugin impl and proto files * correct comments * add hclog wrapper for grafanas logger in plugins * add go-plugin deps to vendor * initial version of proto files * changelog: breaking regardless what your running * changelog: better styling * removes last pieces of dashboard.json * refactor: sidemenu toggle & hiding logic * changelog: note about closing #5269 and #9654 * dashboards as cfg: update docs to use /provisioning * dashboards as cfg: move dash/ds config files to /provisioning/* * dashboards as cfg: copy dash/ds files if missing * dashboards as cfg: include cfg files in dist packages * dashboards as cfg: avoid walking fs in parallel * dashboards as cfg: type * dashboards as cfg: disable loading dashboards from disk by default * dashboards as cfg: wire up dashboard repo * dashboards as cfg: use gocache for caching * dashboards as cfg: expose dashboard service as interface * dashboards as cfg: move saving logic for dashboards into its own service * dashboards as cfg: revert minor changes * dashboards as cfg: move dashboard saving into its own service * dashboards as cfg: minor tweaks * dashboards as cfg: make dashboard none editable by default * dashboards as cfg: more tests * dashboards as cfg: code cleanup * dashboards as cfg: read first cfg version * removed row to center footer (#10115) * ux: minor cleanup * mysql: pass timerange for template variable queries (#10071) * dashboard: fix edge case with keyboard nav in dashboard search. #10100 * Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate. * graph: fix legend height calculation * postgres: pass timerange for template variable queries (#10069) * graph: move auto decimals calc to ticks.ts and use it for legend values format. * Resolves grafana/grafana:#9309 * dashboard: fix linting and formating - #10100 * dashboard: keyboard nav in dashboard search - closes #10100 * graph: refactor (don't render twice) * handle native postgres datetime types in annotation queries (#9986) * treat any text column in timeseries query as metric name unless column (#9985) * Fixing tabs for Grafana 5 - #10082 (#10103) * other panels now hidden, fixes 10088 (#10102) * fixed 404 for grafana5 + now responsive (#10101) * dashboard: fix search results tests #10083 * dashboard: Show CTA for empty lists/folders #10083 * dashboard: Dashboard folder page wip #10083 * prom: enable min interval per panel * Fix merge issue on multi-query table transforms * graph: fix karma tests * graph: render legend before graph * added tooltip, fixes #10092 (#10097) * graph: refactor * graph: convert legend.js to typescript * fixing a few fromattings * adding mssql docs * docs: link from cfg page to provisioning * reduce app icon by 3px on home dashboard - wasn't lining up properly with starred/recently viewed dasboard list properly * ux: minor style tweaks to cards and sidemenu icons for white theme * ux: tweaked light theme and made page container more fluid * dashboard: dashboard search results component. closes #10080 * docs: added utm_source for link from ds list page to docs page * updating the query editor's syntax highlighting mode to sqlserver * fixed grey colors in light-theme, added new variables, played a bit with blue * v5: removed permissions from dashboard cog dropdown, closes #10068 * nav: updated nav item id for manage dashboards * refactoring PR #10068 * dashboard: migrations for repeat rows (#10070) * Backwards-compat for multi-query table transform * graph: make legend scrollable * removes unused properties * Making the multi-query table transform the default table transform * ux: updated padding * ux: Add CTA for empty lists * move import menu item to the original place * move DashboardImportCtrl tests to jest * Move import dashboard from modal to the page * refactor: minor refactoring of #10027 * new grays for light theme * sidemenu: responsive sidemenu view for smallest breakpoint * add _tests for mssql data source * ux: tabs update * Tests for multi-query table transform * ux: updated modal header design * ux: progress on time picker dropdown version * fix templating undefined error (#10004) * tweaks to add panel panels * ux: updated dashboard nav * MSSQL Data Source * add server only build target "build-srv" * ux: dashboard setings progres * add Cloud Alchemy Ansible role * started on dashboard settings refactor * ux: add new panel and dash nav improvements * Added basic table transformer test * typo :bscm: * influxdb: pass tags to alerting from influxdb client * ux: dashboard nav update * ux: new dashnav design * ignore /conf/**/custom.yaml files * repeat row: refactor * Fix dashboard menu overlapping (#10044) * Add multiquery_table table transform * typo :bscm: * move systemd ready notification to server.go * changelog: adds note about closing #10024 * page header now on 99% of pages * navigation: more progress on new page header * ux: new page-header design, most pages beside admin done * fixed sass warnings * ux: made plugins page work * Use systemd notification where applicable * progress on page header * tweaked color on heatmap. still not there, but more vibrant * ux: new page header progress * added bundled dashboards * ux: progress on new page header * dashboard: when changing route, scroll to top * grafana-10039: fix query time range ends in the past * ux: work on page header * Revert "prometheus nested query support" * ux: updating header design for pages * fix: when navigating, scroll to top * repeat row: add more tests * ux: new page header design * tweak background size * new test svg background, minor form tweaks * ux: search filter box * ux: changed body default font size to 13px * test: fix failing postgres test * Added border radius and tightened up the folder boxes. Still needs to have the bottom margin expanded to 8px when in opened state (this needs @torkelo) * test: speedup mysql and postgres integration tests by 10-20x * repeat row: expose scopedVars to row panels * ux: search design update * repeat row: handle collapsed rows * notifier: Fixes path for uploaded image for Slack notifier * formatting in build file * dashboard: initial repeat row implementation * prometheus nested query support * fix render http[get] params error * test: close file before deleting * Restore Page Footer after migration to new scrollbar #9652 * export view json now templatized, fixes #10001 * dashfolders: Add a helper for creating a dashboard folder * dashfolders: revert automatic creation of folders for plugins * styling changes for light theme * grid: use single column layout for mobile devices (#9999) * fix panel solo mode (#10002) * dashlist: handle recent dashboards removed from backend * dashfolders: don't create app folder on dashboard import if already exists * dashfolders: create app folder on dashboard import * datasource: fix merge conflict - restore dashboards tab * search fix and update buttons on dashboard list page * fix: removed table background * build: fixed lint issue * fixed link i specs-file * Improve dashboard grid layout migration WIP (#9943) * test fix * updated libs and fixed new typescript errors * dashlist: Support for clear all filters * migrated viewstatesrv to ts * added yarn.lock file back * ux: table design work * panel: open panel menu by click on header * ux: search progress * worked on search * migrated four files from js to ts * migrated four files to ts, addd some code to config to make it work (#9980) * Update NOTICE.md * Update LICENSE.md * ux breadcrumb work * ux: sass fixes and polish * dashlist: Support for check/uncheck all * Migrate gfunc to ts (#9973) * migrated admin files to ts (#9975) * migration of org files from js to ts (#9974) * sass tweaks * dashlist: When searching should reset checked state to false * More js to ts (#9966) * dashlist: change scrollbar to new perfect scroll directive * docs: Improve delete snapshot documentation * ux: fixed sass issue * sass refactoring and updating styles for list item elements * dashlist: style list to be same as dash search * css tweaks and cleanup * removing gemini scrollbar and replacing with perfect scrollbar, muuuch better * dashlist: starred filter search * ux: tweaked panel color and dashboard background is same as page background * removed call to unused function in panel_ctrl * scrollable panels works better with perfect-scrollbar * Update latest.json * Optimized number of lines fetching in log file initialisation * work on scrollable panels * converted 3 .js files to .ts (#9958) * docs: adds docs for pausing all alerts * Removing file that got committed by accident * scrollable panels: fix initial content size (#9960) * Delete LICENSE.txt * dashlist: adds tag filter select (GitHub style) * [GCS] Support for gcs path * dashlist: toggle folders * dashboard: fix test for folderIds * allows head requests for /api/health endpoint * dashlist: fix tag filtering and some css * fix: fixed issue with metric segment introduced in graphite tags query editor PR * progress on scrollable panels work * mysql: add data source support for Azure MySql * fixed unit tests * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * Elasticsearch max_concurrent_shard_requests parameter for es 5.6+ * prom: add prom2 dashboard as bundled dashboard * show top 5 max scrape durations by job, and fix legend format * fix scrape duration, add rule eval iteration stats, and reorg a bit * fix data source var and remove node_exporter dependency * First draft of a Prometheus 2.0 Stats dashboard * prom: initial docker block for prometheus 2 * tweak tabs: * color fix * make grays cooler * dashlist: started fixing js/css after design changes * updated search * more work on search * minor update to dashboard search * converted test-files to jest * improved search srv * converted influx-series to TS, converted test to jest * dashboard search * working on dashboard search * Move the loading flag to PanelCtrl (#9929) * graph: disable zoom in non-timeseries modes (#9914) * changed padding to pixels, fixes #9916 (#9924) * Use correct moments format for Showing last us time instead of value test (#9923) * Don't import JSON dashboards from hidden directories. * new design for login * fix: build & tests * search: add expanded folders * influxdb: another minor refactor of #9474 * refactor: refactoring InfluxDB query builder with policy PR #9473 * refactor: refactoring InfluxDB query builder with policy PR #9473 * docs: added versions_to_keep to config docs, #9671 * refactoring: minor refactor of clean up dashboard history PR #9882 * fix: fix for avatar images when gzip is turned on, fixes #5952 * elasticsearch: default version to 5.x * Adding a user in a specified organisation uses the admin API * panels: add css tweaks for scrollable panels * dashboard history clean up: avoid potential SQL injections * search: refactor search sql into a builder class * changelog: note about closing #9798 * removes invalid comment * api: fix so that datasources functions returns Response * changelog: note about closing #1789 * fix: Use Response as return type * fix: return id from api when creating new annotation/graphite annotation, fixes #9798 * datasources as cfg: adds docs for all jsondata and secure_json fields * graphite: minor changes * text panel: make scrollable * panels: general property which makes panel scrollable * datasources as cfg: convert yaml map into json for jsonData * fix: fix cloudwatch metricFindQuery error that stopped it working completely, fixes #9876 * dashlist: css adjustments for scrollbar * dashlist: fix resizing after mode switching * dashlist: add scrollbar * dashlist: fix panel resizing * docs: update metrics api path * changelog: adds note about closing #1871 * fixes: #1871 Dropdown starred (#9490) * dont loose subsecond precision when dealing with timestamp or (#9851) * graphite: progress on new query editor * datasource as cfg: fixes typos * docs: format cfg mgt tools as table * docs: adds more info about provisioning * datasource as cfg: update docs to include globbig * datasource as cfg: show deletes first in example * datasource as cfg: support globbing * datasource as cfg: enable editable ds's * datasource as cfg: add org_id to example config * tweak docs * datasource as cfg: adds readonly datasources * datasource as cfg: refactor to use bus * datasource as cfg: test for reading all properties * datasource as cfg: adds provisioning docs * datasource as cfg: rename feature to provisioning * datasource as cfg: improve name for this feature * datasource as cfg: refactor tests to use yaml files * datasource as cfg: ignore datasource all ready exist for inserts * datasource as cfg: add support for securedata field * datasource as cfg: setting for purging datasources not in cfg * datasources as cfg: tests for insert/updating datasources * datasource as cfg: basic implementation * More energy units (#9743) * Add feet to the length menu (#9889) * middleware: recovery handles panics in all handlers * sql: small fix to error handling * graphite: progress on new query editor * changelog: make prom fixes more explicit * dashboard history clean up: add tests * tech: ignore debug.test file created by VS Code * dashboard history: refactor after review * changelog: adds note about closing #9777 * prom: add support for default step param (#9866) * properly escape components of connection string (#9850) * refactor: changed string slicing to strings.TrimPrefix, #9862 * dashboard history: clean up dashboard version history * build: fixed jshint error * sync documentation, add remark about to_timestamp and redshift (#9841) * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * changelog: adds note about closing #8523 * teams: removes print statement * Add Microsoft Teams notifier * docs: update building from source doc with node-gyp * heatmap: fix tooltip in "Time series bucket" mode, #9332 (#9867) * fix: Table panel now renders annotations correctly. Fixes #9842 (#9868) * build: fixes build and jest tests on Windows * fix cloudwatch ec2_instance_attribute (#9718) * graph: the stack & legend sort sync was not working correctly, the z-index sorting that happened in after the legend sort order was applied and messed with the order even though the sort function returned zero for all entries, combined the sort function to one sort function, fixes #9789 (#9797) * not ok option to alert list, fixes: #9754 * changelog: note about closing #9661 * return empty array for no datapoints * fix query inspector for cloudwatch * Add AWS/NetworkELB to cloudwatch definitions * changelog: note about closing #9784 * test: adds tests for password encodiing * use SHOW RETENTIONS to test influxdb connection (#9824) * Use hex.EncodeToString to encode to hex * Added missing documentation for auth.proxy (#9796) * fix date test (#9811) * docker: expose statsd endpoint for graphite block * update lib/pq (#9788) * Update the config key to database_log_queries so it is more descriptive, as suggested in #9785. * graph: don't change original series name in histogram mode, #8886 (#9782) * MySQL Performance when using GF_DATABASE_URL Set MaxIdleConn and MaxOpenConn when using the GF_DATABASE_URL configuration. Also added GF_DATABASE_DEBUG flag to print SQL statements and SQL execution times. See #9784 for the details. * Update postgres.md * colorpicker: fix color string change #9769 (#9780) * refactor: alert list panel fixes and no alerts message, rewrite of PR #9721 * feat: refactoring hide time picker PR #9756 * search: began writing test for new search * changed class name for no-alerts * chore(docs): update the search Query Example * ux: search progress * dashfolders: fix for dashlist nav * reduce docker-compose header version * ux: progress on new search * ux: minor changes * ignore docker-compose.yaml * docs: update latest release to 4.6.1 * packages: update published package version * option to hide Time picker, fixes #2013 * fix: panel view now wraps, no scrolling required, fixes #9746 * changelog: set release date for 4.6.1 * changelog: adds note about closing #9707 * fix default alias * add period alias * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * testdata: added manual entry mode to test data * new design for no alerts in alert-list, fixes #9721 * fix: fixed compiler error from #9676 * converted ng_model_on_blur.js to ts, deletedkeyboard_manager.js (#9676) * docs: update testdata enable explanantion * MAINTAINER is deprecated, now using LABEL * Update ROADMAP.md * Adding energy, area, and acceleration units (#9336) * tests: migrated tests for link_srv to jest, #9666 * Transitioning fig to docker-compose v3 * tests: migrated tests for link_srv to jest, #9666 * fix for dashboard tag link bug, fixes #9737 (#9739) * github: dont require bug/fr in title * changelog: adds note about closing #9713 * converted confirm_click.js to .ts (#9674) * Update codecov.yml * change default sslmode for postgres to verify-full (#9736) * fix: color picker bug at series overrides page, #9715 (#9738) * Update ROADMAP.md * tech: switch to golang 1.9.2 * always quote template variables for mysql when multi-value is allowed (#9712) * always quote template variables for postgres when multi-value or include (#9714) * fix: dashboard links dropdown toggle did not update view, fixes #9732 * docs: adds prom grafana dashboard * graphite: tag is required for values autocomplete * dashfolders: bulk edit tag filtering * Correct help message of api_dataproxy_request_all_milliseconds * changelog: adds note about closing #9645 * changelog: adds note about closing #9698 * ace editor for text panel * dashboards: bulk edit delete * tech: add missing include * dashboards: fix link to bulk edit * sql: remove title from annotation help * changelog: adds note about closing #9681 * fix: undefined is not an object evaluating this., #9538 * [Bug Fix] Opentsdb Alias issue (#9613) * fix: graphite annotation tooltip included undefined, fixes #9707 * Alertlist: Inform when no alerts in current time range * save as should only delete threshold for panels with alerts * graphite: tags and values autocomplete based on @DanCech PR to graphite-web * changelog: note for #9596 * add __timeGroup macro for mysql (#9596) * updated icons * docs: fix link * ux: testing 3px panel border radius * more link fixes * fixed link issues * renamed file * converted inspect_ctrl.js to ts (#9673) * converted dashboard_loaders.js to .ts (#9672) * declared any to info in declaration * converted analytics.js to ts, minor code formatting fix to timer.ts (#9663) * docs: updated download links * docs: update alerting with new data sources * changelog: spelling * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * docs: updated changelog * fix: firefox can now create region annotations, fixes #9638 * changelog: adds note about closing #9639 * set release date for 4.6.0 * grid: work in progress on row repeats * dashfolders: rough draft of bulk edit * converted linkSrv.js to linkSrv.ts * docs: update docker installation docs * grid: minor changes * converted outline.js to outline.ts (#9658) * converted timer.js to timer.ts (#9656) * datasource as cfg: typo * Create codecov.yml * datasource as cfg: explain why cmd.version can be higher * #edit_grafana_organisation_apis_doc (#9651) * add a phantomjs execution status to log if errors happens, e.g. OOM killer kills it (#9644) * grid: worked on row options modal and row removal * dashboard: fix home dashboard getting started panel * Fix typo in template help tab * replace store.js with store.ts, test for store.ts (#9646) * tests: added test for DashboardRow * docs: update first page with data source guides * docs: document annotations for postgres/mysql * docs: update for template variables * changelog: spelling * Allow for multiple auto interval template variables (#9216) * changelog: adds note about closing #9645 * tech: remove rabbitmq event publisher * changelog: note for #9030 * dont quote variables for mysql and postgres datasource (#9611) * asscoiate comment with name * Update development.md * ux: row collapse / expand starting to work * changelog: adds note about closing #9640 * alerting: only editors can pause rules * prom: adds pre built grafana dashboard * changelog: adds note about closing #9636 * fix: another fix for playlist view state, #9639 * ux: updated icons * shore: migrating config/settings.js to typescript * fix: fixed playlist controls and view state, fixes #9639 * Fixed #9636 * shore: removed unused old system conf file * Use d3 from node_modules (#9625) * update log15 (#9622) * docs: update whats-new-in * changelog: small text change * changelog: v4.6.0-beta3 released * tech: annotations refactor, add tests for regions processing (#9618) * Move #9527 to 4.6.0-beta3 * build: disable jest on precommit hook -windows fix * build: fix all npm run commands for Windows * plugins: fixes path issue on Windows * build: tryingt of fix windows build issue * tests: removes commented tests * graph: invert order when sorting by legend * fix: escape series name in graph legend, added aliasEscaped to time series model to reuse escape, fixes #9615 * build: fixed gofmt issue and addd mock response feature * prometheus: enable gzip for /metrics endpoint * build: split circle test shell scripts * datasources: change to optimisic concurrency * build: reduced webpack log output and remove race flag from go tests * build: set max workers to 2 for jest * build: log heap usage * build: another build fix * tests: migrated two more tests to jest * build: fixed build failure * build: reworking pre commit hook * build: added precommit * fix: fixed tslint validation error * test: added first react snapshot test * docs: another docs fix * docs: fix docs redirect for older datasources index page, fixes #9609 * [Tech]: Start migrating to Jest for tests (#9610) * Fix typo in init.d script * graphite: auto detect version * graphite: improved version comparison * graphite: split tags and functions into 2 rows when seriesByTag used * graphite: add tags to dropdown and switch to tag editor if selected * plugins: expose dashboard impression store * ux: minor ux tweaks * Sort series in the same order as legend in graph panel (#9563) * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * run go fmt * Add a setting to allow DB queries * note for #9527 * modify $__timeGroup macro so it can be used in select clause (#9527) * Fix heatmap Y axis rendering (#9580) * prometheus: add builtin template variable as range vectors * Note for #5457 * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * changelog: adds note about closing #9551 * fix: getting started panel and mark adding data source as done, fixes #9568 * pluginloader: esModule true for systemjs config * Fixes for annotations API (#9577) * ux: new fixes * Grafana5 light (#9559) * When Messasge field is set for an alert, map it to the output field in a Sensu check result. If Message is empty, send "Grafana Metric Condition Met" * ux: work on rows * fix vector range * allow ":" character for metric name * build: added imports of rxjs utility functions * grid: row work * fix template variable expanding * annotations: quote reserved fields (#9550) * fix: fixed color pickers that were broken in minified builds, fixes #9549 * ux: align alert and btn colors * docs: doc updates * remove duplicative prometheus function * remove label match operator from keyword.operator * remove label match operator from keyword.operator * remove extra state push * fix typo * newgrid: row progress * styleguide: fix link in index * api: fix for dashboard version history * textpanel: fixes #9491 * graphite: datasource refactor * csv: fix import for saveAs shim * grid: minor progress on new row concept * ux: add panel progress * alert_tab: clear test result when testing rules * ux: worked on add panel function * plugins: expose more util and flot dependencies * (cloudwatch) fix cloudwatch query error over 24h (#9536) * Add autofocus tag for username field on login.html (#9526) * show error message when cloudwatch datasource can't add * ux: minor button changes * CloudWatch: Add ALB RequestCountPerTarget metric * ux: color tweaks * ux: testing out new icons * set nightly version to v4.7.0-pre1 * changelog: adds release date for v4.6.0-beta1 * ux: minor fixes * grid: fixed grid width issues * grid: repeat refactoring and unit tests * Missing dot in aws credentials path * newgrid: added constants, changed grid to 24 cols, added tests for panel repeats * docs: doc updates * grid: minor progress on panel repeats * changed name back to use underscore instead of camelcase, need to think more about this * fixed dashboard sorting * newgrid: worked panel duplicate * fix: various fixes for new grid * dashgrid: fix or skip tests for repeat rows * dashboardgrid: disable dynamic_dashboard_srv for now * ux: style tweaks * newgrid: various fixes * If retention policy is set for influxDB, preprend that to the measurement name for exploration queries. * newgrid: fixed migration code to new grid * docker: updated our graphite docker container * grid: edit/view now works * dashboard: fixes for panels without rows * webpack: changed devtools setting to stop exceptions * fix: ignore upgrading dashboard grid when there are no rows * grid: fixed migration for rows without height * ux: minor fix sidemenu * newgrid: progress on fullscreen/edit view modes * search: fix search to limit dashboards better * grid: fixed geting started panel pos * grid: progress on react grid * grid: progress on new grid, resize & saving layouts works * grid: minor progress * tech: got angular component to load inside react grid * grid: need to find a way to add angular component inside react * ux: initial react grid poc * graphite-tags: refactor, improve performance - remove unnecessary parseTarget() calls * graphite-tags: add tests * graphite-tags: refactor, use instead of * graphite-tags: initial tag editor * Update kbn.js * Update kbn.js * fixes * Use B/s instead Bps for Bytes per second * fix merge issue * develop: fixed more broken tests, couple still failing * ux: alternative row design * newgrid: fixes to default home dashboard * ux: minor fixes * ux: new grid progress * grid: minor progres on new grid * grid: minor progres on new grid * ux: minor button changes * ux: minor updates * ux: changed cta button style * minor fix * ux: added scroll to two pages * minor fix for page-h1 * grid work * progress on rows as panelsW * fixed unit tests * minor user avatar stuff * started on rows as panels in single grid * minor user list cahnge * users view update * ux: color tweaks * Moved around the columns a bit * ux: dashboard stuff * ux: minor changes * ux: sidemenu animation duration * ux: fixed sidenav issues * ux: sidemenu toggling * ux: sidenav fixes and dashboard search changes * ux: switching orgs now works through modal * ux: making org visibile in profile view * ux: more nav work * ux: nav fixes & polish * ux: more nav work * ux: more nav work * ux: navigation work * ux: sidenav fixes and dashboard search changes * ux: more work on sidemenu * Silly gradient added a placeholder. no more experimentation to be done here until Trent has a pass at it * ux: scrollbar stuff * Added drop shadown for sticky scrolling, moved colors into dark and light variables * Reduced size of breadcrumbs, additional form styling. Colors still need to be adjusted * Starting to play with new form styles * ux: minor scroll fix * ux: removed custom scrollbar look * ux: reduced size of sidemenu icons a bit * ux: testing fixed sidemenu and breadcrumbs * ux: minor navbar update * ux: new breadcrumb progress * ux: wip * ux: new page header look wip * ux: testing roboto font * ux: use flexbox for sidenav, put logo in sidenav * moving panels betwen rows are starting to work * grid: progress on row support * grid: new grid fixes * new-grid: fixed destory issues * grid: remove panel works * grid: updated gridstack to use grafana fork * feat: new grid fixes * minor fixes * updated * feat: new grid system progressW * ux: minor panel menu fix * ux: minor panel menu tweaks * ux: tweaks to new panel menu * updated * dashfolders: inherited permissions for dashboards * dashfolders: handle permission changes when saving/moving dashboards * added code from #8504, and #8021 * dashboard folder search fix * dashfolders: fix user group picker + cleanup * dashfolders: rename refactor * dashfolders: validation for duplicates in acl modal * minor update * ux: style tweaks, trying out non italic headers * ux: nav changes * added sidemeu stuff * dashfolders: use canadmin permission in settings menu * dashfolders: tests for permission modal * dashboard acl fixes * acl fixes * dashfolders: new admin permission needed to view/change acl * acl: more acl work * dashfolders: filter search based on child dash permissions * dashfolders: allows phantomjs rendering for alerting * dashfolders: allow overflow-y for modals * dashfolders: security for png rendering * dashboard acl stuff * dashboard acl work * dashboard acl * working on dashbord acl stuff * WIP: first draft of permissionlist panel * dashboard acl * dashboard acl work * WIP: fix js tests for acl * WIP: fix folder-picker for dashlist * dashboard acl work * refactoring: dashboard folders * dashboard acl modal * WIP: adding roles - not finished * refactoring: moving dashboards acl migrations to its own folder * WIP: fix acl route * refactoring: renaming * folders: changed api urls for dashboard acls * refactoring more renaming * refactoring renaming dashboard folder operations * dashboard_folders refactoring * refactoring dashboard folder security checks * dashboard guardian refactoring starting to work * dashboard folders acl work * refactoring dashoard folder guardian * WIP: refactor user group modal * refactoring: Dashboard guardian * WIP: remove unused test file * WIP: refactor dash search and remove extra query * WIP: move guardian logic for search into the sql query * WIP: remove dashboard children on delete * dashboard_folders: refactoring picker and folder selection in dashboard settings & save as menu * WIP: adds API check to stop folders being included in folders * use gf-form-dropdown in user picker * WIP: add test for add user group permission * WIP: can edit dashboard permission * WIP: clean up after user and org user delete * WIP: remove permissions when deleting global user * dashboard_folders: updated * WIP: delete dependent permissions on user group delete * dashboard_folders: fixes to user picker & group picker * dashboard_folders: fixes to user & group picker * minor update * WIP: permission checking for dash version api methods * ux: gridstack poc * Gridstack: testing * WIP: check permissions for delete/post dashboard * WIP: fixes after version history merge * ux: nav experiments * WIP: add permission check for GetDashboard * ux: side nav experiments * WIP: fix test after merge conflict * WIP: fix go fmt error * WIP: user + user-group pickers for permissions * WIP: API - add dash permission * WIP: user-picker directive * WIP: Permission Type as string in permission query * WIP: fixes after navbar changes * WIP: dashlist in template for new folder * WIP: refactor folder-picker for dashlist * WIP: dashboard search by folder + toggle for list or tree mode * WIP: adds folder-picker to save as dialog * WIP: use metric-segment for folder picker * WIP: add dummy root folder to folder picker * WIP: Create new dashboard button in dash search * WIP: permissions moved to settings tab. Adds folder dropdown to general settings tab * WIP: add parentid to getdashboard query result * WIP: dashboard search by type (folder or dash) * WIP: fix after upstream sqlstore refactoring * WIP: rollback * WIP: delete permission in API * WIP: user group additions * WIP: remove browse mode for dashboard search * WIP: get Dashboard Permissions * WIP: add open/closed folders icons for dash search * WIP: Can remove dashboard permission - sql * WIP: limit GetAllowedDashboards sql query with a where in * WIP: Add or update Dashboard ACL * WIP: guardian service for search * dashboard: sort search with dash folder first * WIP: add some TS types * WIP: edit user group page * WIP: API methods for add/remove members to user group * WIP: add update user group command * WIP: add new group, needs to be redone * WIP: add user group search * WIP: add usergroup commands and queries * WIP: rough prototype of dashboard folders * ux: very early start to new sidemenu * ux: very early start to new sidemenu * ux: minor tweak to faintness of icons of panel menu caret * ux: minor progress on panel title menu makover * use the original options parameter * use targets[0] as the options * pass the options along with a _seriesQuery * pass database parameter in the options * allow setting the database * ux: more work on panel menu * ux: panel title ux improvements poc * Sending image * Discord integration Changes in grafana-natel-discrete-panel: - Add recompress source service - Add set_version source service - Enable changesgenerate for tar_scm source service - Update to version 0.0.9: * split commands * put back the history Changes in openstack-cinder: - Update to version cinder-13.0.10.dev16: * VNX: delete the LUN from VNX backend - Update to version cinder-13.0.10.dev14: * Fix cross-project incremental backups - Update to version cinder-13.0.10.dev13: * Rollback the quota\_usages table when failed to create a incremental backup Changes in openstack-cinder: - Update to version cinder-13.0.10.dev16: * VNX: delete the LUN from VNX backend - Update to version cinder-13.0.10.dev14: * Fix cross-project incremental backups - Update to version cinder-13.0.10.dev13: * Rollback the quota\_usages table when failed to create a incremental backup Changes in openstack-dashboard: - Update to version horizon-14.1.1.dev7: * Fix horizon-nodejs jobs Changes in openstack-ironic: - Update to version ironic-11.1.5.dev16: * Retries and timeout for IPA command - Update to version ironic-11.1.5.dev14: * Update number of VM on ironic-base - Update to version ironic-11.1.5.dev12: * Clean up nodes in DELETING on conductor restart * Kill misbehaving \`ipmitool\` process - Update to version ironic-11.1.5.dev9: * Remove locks before RPC bus is started - Update to version ironic-11.1.5.dev7: * Pin ironic-tempest-plugin Changes in openstack-ironic: - Update to version ironic-11.1.5.dev16: * Retries and timeout for IPA command - Update to version ironic-11.1.5.dev14: * Update number of VM on ironic-base - Update to version ironic-11.1.5.dev12: * Clean up nodes in DELETING on conductor restart * Kill misbehaving \`ipmitool\` process - Update to version ironic-11.1.5.dev9: * Remove locks before RPC bus is started - Update to version ironic-11.1.5.dev7: * Pin ironic-tempest-plugin Changes in openstack-ironic-python-agent: - Update to version ironic-python-agent-3.3.4.dev5: * Fix TypeError on agent lookup failure * improve error messages during node lookup failures - Update to version ironic-python-agent-3.3.4.dev1: * Pin Ironic Tempest Plugin 3.3.3 Changes in openstack-manila: - Update to version manila-7.4.2.dev54: * Fix wrong capacity in pool\_stat for DellEMC manila drivers - Update to version manila-7.4.2.dev53: * Fix fallback share group snapshot implementation - Update to version manila-7.4.2.dev52: * [ci] Remove explicit compression of log files * [NetApp] Fix default ipspace deletion issue * [NetApp] Fix falsely report migration cancelation success * Harden LVM driver deletion paths * Update LVM volume extend - Update to version manila-7.4.2.dev44: * Get ports filtered by subnet id on share-server cleanup - Update to version manila-7.4.2.dev42: * [NetApp] Fix svm scoped account * [devstack] Allow cephfs daemon port access - Update to version manila-7.4.2.dev38: * [extended-maintenance-branches-only] Replace LVM job * Update NFS helper restart * Enforce policy checks getting share-type by name * CIFS extension failing because of volume in use Changes in openstack-manila: - Update to version manila-7.4.2.dev54: * Fix wrong capacity in pool\_stat for DellEMC manila drivers - Update to version manila-7.4.2.dev53: * Fix fallback share group snapshot implementation - Update to version manila-7.4.2.dev52: * [ci] Remove explicit compression of log files * [NetApp] Fix default ipspace deletion issue * [NetApp] Fix falsely report migration cancelation success * Harden LVM driver deletion paths * Update LVM volume extend - Add 0001-Rename-nfs-kernel-server-to-nfs-server.patch - Update to version manila-7.4.2.dev44: * Get ports filtered by subnet id on share-server cleanup - Update to version manila-7.4.2.dev42: * [NetApp] Fix svm scoped account * [devstack] Allow cephfs daemon port access - Update to version manila-7.4.2.dev38: * [extended-maintenance-branches-only] Replace LVM job * Update NFS helper restart * Enforce policy checks getting share-type by name * CIFS extension failing because of volume in use Changes in openstack-neutron: - Update to version neutron-13.0.8.dev95: * Fix deletion of subnet\_id from pd\_subnets - Update to version neutron-13.0.8.dev93: * Not remove the running router when MQ is unreachable - Update to version neutron-13.0.8.dev91: * [OVS][FW] Remote SG IDs left behind when a SG is removed - Update to version neutron-13.0.8.dev90: * [Stable only] Drop \*-master jobs * port\_forwarding: validate args before invoking db update - Update to version neutron-13.0.8.dev86: * Fix validation of IPv6 subnets with external RAs * Don't check if any bridges were recrected when OVS was restarted * [Security] fix allowed-address-pair 0.0.0.0/0 issue * Fix Traceback when running neutron-ipset-cleanup tool - Update to version neutron-13.0.8.dev79: * Ensure drop flows on br-int at agent startup for DVR too - Update to version neutron-13.0.8.dev78: * [stable only] Configure logging in keepalived\_state\_change * Don't add arp responder for non tunnel network port * Add config option \`\`http\_retries\`\` * Make \_ensure\_default\_security\_group method atomic * Update the processing of assigned addresses when assigning addresses Changes in openstack-neutron: - Update to version neutron-13.0.8.dev95: * Fix deletion of subnet\_id from pd\_subnets - Remove 0001-Revert-Do-not-block-connection-between-br-int-and-br.patch (fixed upstream) - Update to version neutron-13.0.8.dev93: * Not remove the running router when MQ is unreachable - Update to version neutron-13.0.8.dev91: * [OVS][FW] Remote SG IDs left behind when a SG is removed - Update to version neutron-13.0.8.dev90: * [Stable only] Drop \*-master jobs * port\_forwarding: validate args before invoking db update - Update to version neutron-13.0.8.dev86: * Fix validation of IPv6 subnets with external RAs * Don't check if any bridges were recrected when OVS was restarted * [Security] fix allowed-address-pair 0.0.0.0/0 issue * Fix Traceback when running neutron-ipset-cleanup tool - Update to version neutron-13.0.8.dev79: * Ensure drop flows on br-int at agent startup for DVR too - Update to version neutron-13.0.8.dev78: * [stable only] Configure logging in keepalived\_state\_change * Don't add arp responder for non tunnel network port * Add config option \`\`http\_retries\`\` * Make \_ensure\_default\_security\_group method atomic * Update the processing of assigned addresses when assigning addresses Changes in openstack-neutron-infoblox: - Switch to stable/rocky tarball - Declare LICENSE file correctly - Add Epoch neccessary due to last version update's jump to 11.0.1 (and subsequent return to 2.0.3 by upstream) - Update to 2.0.3~dev102 * Adding the router code back IT got removed in previous commit * Modified to 14.0.0 * OpenDev Migration Patch * Replace openstack.org git:// URLs with https:// * Release 13.0.0 Rocky * upgrading infoblox client to 0.4.21 * Corrected master branch as per neutron master * Fixed issue of stale entry for dhcp ip if ip allocation strategy is fixed address * Bumped infoblox-client version to 0.4.19 * Added proper log message which reflects cause of failure * Removed OS\_REGION\_NAME dependency from sync tools Changes in openstack-nova: - Update to version nova-18.3.1.dev54: * compute: Allow snapshots to be created from PAUSED volume backed instances - Update to version nova-18.3.1.dev52: * FUP for in-place numa rebuild * Disable NUMATopologyFilter on rebuild * Block rebuild when NUMA topology changed * Remove 'test\_cold\_migrate\_with\_physnet\_fails' test - Update to version nova-18.3.1.dev44: * objects: Update keypairs when saving an instance - Update to version nova-18.3.1.dev43: * zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full - Update to version nova-18.3.1.dev42: * fix scsi disk unit number of the attaching volume when cdrom bus is scsi * Check cherry-pick hashes in pep8 tox target * Reject bsct request for unsupported images Changes in openstack-nova: - Update to version nova-18.3.1.dev54: * compute: Allow snapshots to be created from PAUSED volume backed instances - Add 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch (bsc#1175484, CVE-2020-17376) - Update to version nova-18.3.1.dev52: * FUP for in-place numa rebuild * Disable NUMATopologyFilter on rebuild * Block rebuild when NUMA topology changed * Remove 'test\_cold\_migrate\_with\_physnet\_fails' test - Update to version nova-18.3.1.dev44: * objects: Update keypairs when saving an instance - Update to version nova-18.3.1.dev43: * zuul: remove legacy-tempest-dsvm-neutron-dvr-multinode-full - Update to version nova-18.3.1.dev42: * fix scsi disk unit number of the attaching volume when cdrom bus is scsi * Check cherry-pick hashes in pep8 tox target * Reject bsct request for unsupported images Changes on rubygem-crowbar-client: - Update to 3.9.3 - Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954) Changes in python-Flask-Cors: - Add patches to fix a relative directory traversal issue (bsc#1175986, CVE-2020-25032): * 0001-Handle-request_headers-None.patch * 0002-Fix-request-path-normalization.patch Changes in storm: - Fix duplicate BuildRequire on storm-kit - update to 1.2.3 (SOC-9974, CVE-2019-0202, SOC-9998, CVE-2018-11779): * 1.2.3 * [STORM-3233] - Upgrade zookeeper client to newest version (3.4.13) * [STORM-3077] - Upgrade Disruptor version to 3.3.11 * [STORM-3083] - Upgrade HikariCP version to 2.4.7 * [STORM-3094] - Topology name needs to be validated at storm-client * [STORM-3222] - Fix KafkaSpout internals to use LinkedList instead of ArrayList * [STORM-3292] - Trident HiveState must flush writers when the batch commits * [STORM-3013] - Deactivated topology restarts if data flows into Kafka * [STORM-3028] - HdfsSpout does not handle empty files in case of ack enabled * [STORM-3046] - Getting a NPE leading worker to die when starting a topology. * [STORM-3047] - Ensure Trident emitter refreshPartitions is only called with partitions assigned to the emitter * [STORM-3055] - never refresh connection * [STORM-3068] - STORM_JAR_JVM_OPTS are not passed to storm-kafka-monitor properly * [STORM-3082] - NamedTopicFilter can't handle topics that don't exist yet * [STORM-3087] - FluxBuilder.canInvokeWithArgs is too permissive when the method parameter type is a primitive * [STORM-3090] - The same offset value is used by the same partition number of different topics. * [STORM-3097] - Remove storm-druid in 2.x and deprecate support for it in 1.x * [STORM-3102] - Storm Kafka Client performance issues with Kafka Client v1.0.0 * [STORM-3109] - Wrong canonical path set to STORM_LOCAL_DIR in storm kill_workers * [STORM-3110] - Supervisor does not kill all worker processes in secure mode in case of user mismatch * [STORM-3121] - Fix flaky metrics tests in storm-core * [STORM-3122] - FNFE due to race condition between "async localizer" and "update blob" timer thread * [STORM-3123] - Storm Kafka Monitor does not work with Kafka over two-way SSL * [STORM-3161] - Local mode should force setting min replication count to 1 * [STORM-3164] - Multilang storm.py uses traceback.format_exc incorrectly * [STORM-3184] - Storm supervisor log showing keystore and truststore password in plaintext * [STORM-3201] - kafka spout lag on UI needs some cleanup * [STORM-3301] - The KafkaSpout can in some cases still replay tuples that were already committed * [STORM-3381] - Upgrading to Zookeeper 3.4.14 added an LGPL dependency * [STORM-3384] - storm set-log-level command throws wrong exception when the topology is not running * [STORM-3086] - Update Flux documentation to demonstrate static factory methods (STORM-2796) * [STORM-3089] - Document worker hooks on the hooks page * [STORM-3199] - Metrics-ganglia depends on an LGPL library, so we shouldn't depend on it * [STORM-3289] - Add note about KAFKA-7044 to storm-kafka-client compatibility docs * [STORM-3330] - Migrate parts of storm-webapp, and reduce use of mocks for files * 1.2.2 * [STORM-3026] - Upgrade ZK instance for security * [STORM-3027] - Make Impersonation Optional * [STORM-2896] - Support automatic migration of offsets from storm-kafka to storm-kafka-client KafkaSpout * [STORM-2997] - Add logviewer ssl module in SECURITY.md * [STORM-3006] - Distributed RPC documentation needs an update * [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined * [STORM-3022] - Decouple storm-hive UTs with Hive * [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology * [STORM-3069] - Allow users to specify maven local repository directory for storm submit tool * [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field * [STORM-2967] - Upgrade jackson to latest version 2.9.4 * [STORM-2968] - Exclude a few unwanted jars from storm-autocreds * [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka * [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks * [STORM-2981] - Upgrade Curator to lastest patch version * [STORM-2985] - Add jackson-annotations to dependency management * [STORM-2988] - "Error on initialization of server mk-worker" when using org.apache.storm.metrics2.reporters.JmxStormReporter on worker * [STORM-2989] - LogCleaner should preserve current worker.log.metrics * [STORM-2993] - Storm HDFS bolt throws ClosedChannelException when Time rotation policy is used * [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets * [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply() * [STORM-3052] - Let blobs un archive * [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE * [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes * [STORM-3060] - Configuration mapping between storm-kafka and storm-kafka-client * [STORM-2952] - Deprecate storm-kafka in 1.x * [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated Changes in storm-kit: - Add _constraints to prevent build from running out of disk space - Updated kit for storm-1.2.3 Changes in venv-openstack-cinder: - Ensure that python-swiftclient is pulled into the built venv via an explicit BuildRequires directive. (SOC-10522) Changes in venv-openstack-horizon: - Ensure SOC 9 package obsoletes equivalent HOS 8 package (SOC-11184) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2876=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2876=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1598519900.770074aa7-3.28.4 crowbar-core-branding-upstream-6.0+git.1598519900.770074aa7-3.28.4 grafana-6.7.4-3.17.1 grafana-debuginfo-6.7.4-3.17.1 ruby2.1-rubygem-crowbar-client-3.9.3-3.9.1 storm-1.2.3-3.3.4 storm-nimbus-1.2.3-3.3.4 storm-supervisor-1.2.3-3.3.4 - SUSE OpenStack Cloud Crowbar 9 (noarch): grafana-natel-discrete-panel-0.0.9-4.3.3 openstack-cinder-13.0.10~dev16-3.25.3 openstack-cinder-api-13.0.10~dev16-3.25.3 openstack-cinder-backup-13.0.10~dev16-3.25.3 openstack-cinder-scheduler-13.0.10~dev16-3.25.3 openstack-cinder-volume-13.0.10~dev16-3.25.3 openstack-dashboard-14.1.1~dev7-3.18.3 openstack-ironic-11.1.5~dev16-3.22.3 openstack-ironic-api-11.1.5~dev16-3.22.3 openstack-ironic-conductor-11.1.5~dev16-3.22.3 openstack-ironic-python-agent-3.3.4~dev5-3.16.2 openstack-manila-7.4.2~dev54-4.27.3 openstack-manila-api-7.4.2~dev54-4.27.3 openstack-manila-data-7.4.2~dev54-4.27.3 openstack-manila-scheduler-7.4.2~dev54-4.27.3 openstack-manila-share-7.4.2~dev54-4.27.3 openstack-neutron-13.0.8~dev95-3.28.3 openstack-neutron-dhcp-agent-13.0.8~dev95-3.28.3 openstack-neutron-ha-tool-13.0.8~dev95-3.28.3 openstack-neutron-l3-agent-13.0.8~dev95-3.28.3 openstack-neutron-linuxbridge-agent-13.0.8~dev95-3.28.3 openstack-neutron-macvtap-agent-13.0.8~dev95-3.28.3 openstack-neutron-metadata-agent-13.0.8~dev95-3.28.3 openstack-neutron-metering-agent-13.0.8~dev95-3.28.3 openstack-neutron-openvswitch-agent-13.0.8~dev95-3.28.3 openstack-neutron-server-13.0.8~dev95-3.28.3 openstack-nova-18.3.1~dev54-3.28.3 openstack-nova-api-18.3.1~dev54-3.28.3 openstack-nova-cells-18.3.1~dev54-3.28.3 openstack-nova-compute-18.3.1~dev54-3.28.3 openstack-nova-conductor-18.3.1~dev54-3.28.3 openstack-nova-console-18.3.1~dev54-3.28.3 openstack-nova-novncproxy-18.3.1~dev54-3.28.3 openstack-nova-placement-api-18.3.1~dev54-3.28.3 openstack-nova-scheduler-18.3.1~dev54-3.28.3 openstack-nova-serialproxy-18.3.1~dev54-3.28.3 openstack-nova-vncproxy-18.3.1~dev54-3.28.3 python-cinder-13.0.10~dev16-3.25.3 python-horizon-14.1.1~dev7-3.18.3 python-ironic-11.1.5~dev16-3.22.3 python-manila-7.4.2~dev54-4.27.3 python-neutron-13.0.8~dev95-3.28.3 python-nova-18.3.1~dev54-3.28.3 python-openstack_auth-14.1.1~dev7-3.18.3 - SUSE OpenStack Cloud 9 (noarch): ardana-ansible-9.0+git.1596813072.110811d-3.25.2 ardana-cinder-9.0+git.1596129576.0b3d3ce-3.13.2 ardana-cobbler-9.0+git.1588258487.3acf8ad-3.16.2 ardana-installer-ui-9.0+git.1569535129.ca87ef0-3.13.2 ardana-installer-ui-debugsource-9.0+git.1569535129.ca87ef0-3.13.2 ardana-opsconsole-ui-9.0+git.1566593422.813e56c-4.13.2 ardana-osconfig-9.0+git.1597427032.a062830-3.19.2 grafana-natel-discrete-panel-0.0.9-4.3.3 openstack-cinder-13.0.10~dev16-3.25.3 openstack-cinder-api-13.0.10~dev16-3.25.3 openstack-cinder-backup-13.0.10~dev16-3.25.3 openstack-cinder-scheduler-13.0.10~dev16-3.25.3 openstack-cinder-volume-13.0.10~dev16-3.25.3 openstack-dashboard-14.1.1~dev7-3.18.3 openstack-ironic-11.1.5~dev16-3.22.3 openstack-ironic-api-11.1.5~dev16-3.22.3 openstack-ironic-conductor-11.1.5~dev16-3.22.3 openstack-ironic-python-agent-3.3.4~dev5-3.16.2 openstack-manila-7.4.2~dev54-4.27.3 openstack-manila-api-7.4.2~dev54-4.27.3 openstack-manila-data-7.4.2~dev54-4.27.3 openstack-manila-scheduler-7.4.2~dev54-4.27.3 openstack-manila-share-7.4.2~dev54-4.27.3 openstack-neutron-13.0.8~dev95-3.28.3 openstack-neutron-dhcp-agent-13.0.8~dev95-3.28.3 openstack-neutron-ha-tool-13.0.8~dev95-3.28.3 openstack-neutron-l3-agent-13.0.8~dev95-3.28.3 openstack-neutron-linuxbridge-agent-13.0.8~dev95-3.28.3 openstack-neutron-macvtap-agent-13.0.8~dev95-3.28.3 openstack-neutron-metadata-agent-13.0.8~dev95-3.28.3 openstack-neutron-metering-agent-13.0.8~dev95-3.28.3 openstack-neutron-openvswitch-agent-13.0.8~dev95-3.28.3 openstack-neutron-server-13.0.8~dev95-3.28.3 openstack-nova-18.3.1~dev54-3.28.3 openstack-nova-api-18.3.1~dev54-3.28.3 openstack-nova-cells-18.3.1~dev54-3.28.3 openstack-nova-compute-18.3.1~dev54-3.28.3 openstack-nova-conductor-18.3.1~dev54-3.28.3 openstack-nova-console-18.3.1~dev54-3.28.3 openstack-nova-novncproxy-18.3.1~dev54-3.28.3 openstack-nova-placement-api-18.3.1~dev54-3.28.3 openstack-nova-scheduler-18.3.1~dev54-3.28.3 openstack-nova-serialproxy-18.3.1~dev54-3.28.3 openstack-nova-vncproxy-18.3.1~dev54-3.28.3 python-Flask-Cors-3.0.3-4.3.2 python-cinder-13.0.10~dev16-3.25.3 python-horizon-14.1.1~dev7-3.18.3 python-ironic-11.1.5~dev16-3.22.3 python-manila-7.4.2~dev54-4.27.3 python-neutron-13.0.8~dev95-3.28.3 python-nova-18.3.1~dev54-3.28.3 python-openstack_auth-14.1.1~dev7-3.18.3 venv-openstack-cinder-x86_64-13.0.10~dev16-3.22.3 venv-openstack-horizon-x86_64-14.1.1~dev7-4.21.3 venv-openstack-ironic-x86_64-11.1.5~dev16-4.17.2 venv-openstack-manila-x86_64-7.4.2~dev54-3.23.2 venv-openstack-neutron-x86_64-13.0.8~dev95-6.21.3 venv-openstack-nova-x86_64-18.3.1~dev54-3.21.2 - SUSE OpenStack Cloud 9 (x86_64): grafana-6.7.4-3.17.1 grafana-debuginfo-6.7.4-3.17.1 storm-1.2.3-3.3.4 storm-nimbus-1.2.3-3.3.4 storm-supervisor-1.2.3-3.3.4 References: https://www.suse.com/security/cve/CVE-2018-11779.html https://www.suse.com/security/cve/CVE-2018-17954.html https://www.suse.com/security/cve/CVE-2018-18623.html https://www.suse.com/security/cve/CVE-2018-18624.html https://www.suse.com/security/cve/CVE-2018-18625.html https://www.suse.com/security/cve/CVE-2019-0202.html https://www.suse.com/security/cve/CVE-2020-11110.html https://www.suse.com/security/cve/CVE-2020-17376.html https://www.suse.com/security/cve/CVE-2020-25032.html https://bugzilla.suse.com/1117080 https://bugzilla.suse.com/1142617 https://bugzilla.suse.com/1143163 https://bugzilla.suse.com/1172450 https://bugzilla.suse.com/1174583 https://bugzilla.suse.com/1175484 https://bugzilla.suse.com/1175986 From sle-security-updates at lists.suse.com Wed Oct 7 10:16:46 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 7 Oct 2020 18:16:46 +0200 (CEST) Subject: SUSE-SU-2020:2877-1: important: Security update for qemu Message-ID: <20201007161646.4624DFD12@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2877-1 Rating: important References: #1174386 #1174641 #1174863 #1175370 #1175441 #1176494 Cross-References: CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2877=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2877=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-4.2.1-11.10.1 qemu-block-curl-4.2.1-11.10.1 qemu-block-curl-debuginfo-4.2.1-11.10.1 qemu-block-iscsi-4.2.1-11.10.1 qemu-block-iscsi-debuginfo-4.2.1-11.10.1 qemu-block-rbd-4.2.1-11.10.1 qemu-block-rbd-debuginfo-4.2.1-11.10.1 qemu-block-ssh-4.2.1-11.10.1 qemu-block-ssh-debuginfo-4.2.1-11.10.1 qemu-debuginfo-4.2.1-11.10.1 qemu-debugsource-4.2.1-11.10.1 qemu-guest-agent-4.2.1-11.10.1 qemu-guest-agent-debuginfo-4.2.1-11.10.1 qemu-lang-4.2.1-11.10.1 qemu-ui-spice-app-4.2.1-11.10.1 qemu-ui-spice-app-debuginfo-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): qemu-kvm-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le): qemu-ppc-4.2.1-11.10.1 qemu-ppc-debuginfo-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): qemu-arm-4.2.1-11.10.1 qemu-arm-debuginfo-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.10.1 qemu-microvm-4.2.1-11.10.1 qemu-seabios-1.12.1+-11.10.1 qemu-sgabios-8-11.10.1 qemu-vgabios-1.12.1+-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-11.10.1 qemu-audio-alsa-debuginfo-4.2.1-11.10.1 qemu-audio-pa-4.2.1-11.10.1 qemu-audio-pa-debuginfo-4.2.1-11.10.1 qemu-ui-curses-4.2.1-11.10.1 qemu-ui-curses-debuginfo-4.2.1-11.10.1 qemu-ui-gtk-4.2.1-11.10.1 qemu-ui-gtk-debuginfo-4.2.1-11.10.1 qemu-x86-4.2.1-11.10.1 qemu-x86-debuginfo-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x): qemu-s390-4.2.1-11.10.1 qemu-s390-debuginfo-4.2.1-11.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-4.2.1-11.10.1 qemu-debugsource-4.2.1-11.10.1 qemu-tools-4.2.1-11.10.1 qemu-tools-debuginfo-4.2.1-11.10.1 References: https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://www.suse.com/security/cve/CVE-2020-24352.html https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1174863 https://bugzilla.suse.com/1175370 https://bugzilla.suse.com/1175441 https://bugzilla.suse.com/1176494 From sle-security-updates at lists.suse.com Thu Oct 8 10:14:43 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 8 Oct 2020 18:14:43 +0200 (CEST) Subject: SUSE-SU-2020:2879-1: important: Security update for the Linux Kernel Message-ID: <20201008161443.B90BAFD14@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2879-1 Rating: important References: #1055186 #1058115 #1065600 #1065729 #1094244 #1136666 #1152148 #1152472 #1152489 #1153274 #1154353 #1155518 #1155798 #1156395 #1167527 #1170232 #1170774 #1171000 #1171068 #1171073 #1171558 #1171688 #1171742 #1172419 #1172757 #1172873 #1173017 #1173060 #1173115 #1173267 #1173746 #1174029 #1174110 #1174111 #1174358 #1174484 #1174486 #1174899 #1175263 #1175667 #1175718 #1175749 #1175787 #1175882 #1175952 #1175996 #1175997 #1175998 #1175999 #1176000 #1176001 #1176019 #1176022 #1176038 #1176063 #1176137 #1176235 #1176236 #1176237 #1176242 #1176278 #1176357 #1176358 #1176359 #1176360 #1176361 #1176362 #1176363 #1176364 #1176365 #1176366 #1176367 #1176381 #1176423 #1176449 #1176482 #1176486 #1176507 #1176536 #1176537 #1176538 #1176539 #1176540 #1176541 #1176542 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176587 #1176588 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176763 #1176775 #1176788 #1176789 #1176833 #1176869 #1176877 #1176925 #1176962 #1176980 #1176990 #1177021 #1177030 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14385 CVE-2020-14390 CVE-2020-2521 CVE-2020-25284 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 105 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2879=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 kernel-default-livepatch-5.3.18-24.24.1 kernel-default-livepatch-devel-5.3.18-24.24.1 kernel-livepatch-5_3_18-24_24-default-1-5.3.6 kernel-livepatch-5_3_18-24_24-default-debuginfo-1-5.3.6 kernel-livepatch-SLE15-SP2_Update_4-debugsource-1-5.3.6 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14385.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-2521.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1171000 https://bugzilla.suse.com/1171068 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1172419 https://bugzilla.suse.com/1172757 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173017 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1173267 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1174029 https://bugzilla.suse.com/1174110 https://bugzilla.suse.com/1174111 https://bugzilla.suse.com/1174358 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174486 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175718 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175787 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1175952 https://bugzilla.suse.com/1175996 https://bugzilla.suse.com/1175997 https://bugzilla.suse.com/1175998 https://bugzilla.suse.com/1175999 https://bugzilla.suse.com/1176000 https://bugzilla.suse.com/1176001 https://bugzilla.suse.com/1176019 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176063 https://bugzilla.suse.com/1176137 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176236 https://bugzilla.suse.com/1176237 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176357 https://bugzilla.suse.com/1176358 https://bugzilla.suse.com/1176359 https://bugzilla.suse.com/1176360 https://bugzilla.suse.com/1176361 https://bugzilla.suse.com/1176362 https://bugzilla.suse.com/1176363 https://bugzilla.suse.com/1176364 https://bugzilla.suse.com/1176365 https://bugzilla.suse.com/1176366 https://bugzilla.suse.com/1176367 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176449 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176486 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176537 https://bugzilla.suse.com/1176538 https://bugzilla.suse.com/1176539 https://bugzilla.suse.com/1176540 https://bugzilla.suse.com/1176541 https://bugzilla.suse.com/1176542 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176587 https://bugzilla.suse.com/1176588 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176763 https://bugzilla.suse.com/1176775 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176833 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176925 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176980 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177021 https://bugzilla.suse.com/1177030 From sle-security-updates at lists.suse.com Thu Oct 8 10:27:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 8 Oct 2020 18:27:57 +0200 (CEST) Subject: SUSE-SU-2020:2879-1: important: Security update for the Linux Kernel Message-ID: <20201008162757.F2A3DFD11@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2879-1 Rating: important References: #1055186 #1058115 #1065600 #1065729 #1094244 #1136666 #1152148 #1152472 #1152489 #1153274 #1154353 #1155518 #1155798 #1156395 #1167527 #1170232 #1170774 #1171000 #1171068 #1171073 #1171558 #1171688 #1171742 #1172419 #1172757 #1172873 #1173017 #1173060 #1173115 #1173267 #1173746 #1174029 #1174110 #1174111 #1174358 #1174484 #1174486 #1174899 #1175263 #1175667 #1175718 #1175749 #1175787 #1175882 #1175952 #1175996 #1175997 #1175998 #1175999 #1176000 #1176001 #1176019 #1176022 #1176038 #1176063 #1176137 #1176235 #1176236 #1176237 #1176242 #1176278 #1176357 #1176358 #1176359 #1176360 #1176361 #1176362 #1176363 #1176364 #1176365 #1176366 #1176367 #1176381 #1176423 #1176449 #1176482 #1176486 #1176507 #1176536 #1176537 #1176538 #1176539 #1176540 #1176541 #1176542 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176587 #1176588 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176763 #1176775 #1176788 #1176789 #1176833 #1176869 #1176877 #1176925 #1176962 #1176980 #1176990 #1177021 #1177030 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14385 CVE-2020-14390 CVE-2020-2521 CVE-2020-25284 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 105 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2879=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2879=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2879=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2879=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2879=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2879=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 kernel-default-extra-5.3.18-24.24.1 kernel-default-extra-debuginfo-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 kernel-default-livepatch-5.3.18-24.24.1 kernel-default-livepatch-devel-5.3.18-24.24.1 kernel-livepatch-5_3_18-24_24-default-1-5.3.6 kernel-livepatch-5_3_18-24_24-default-debuginfo-1-5.3.6 kernel-livepatch-SLE15-SP2_Update_4-debugsource-1-5.3.6 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 reiserfs-kmp-default-5.3.18-24.24.1 reiserfs-kmp-default-debuginfo-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.24.1 kernel-obs-build-debugsource-5.3.18-24.24.1 kernel-syms-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.24.1 kernel-preempt-debugsource-5.3.18-24.24.1 kernel-preempt-devel-5.3.18-24.24.1 kernel-preempt-devel-debuginfo-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.24.1 kernel-source-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.24.1 kernel-default-base-5.3.18-24.24.1.9.7.6 kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 kernel-default-devel-5.3.18-24.24.1 kernel-default-devel-debuginfo-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.24.1 kernel-preempt-debuginfo-5.3.18-24.24.1 kernel-preempt-debugsource-5.3.18-24.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.24.1 kernel-macros-5.3.18-24.24.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.24.1 cluster-md-kmp-default-debuginfo-5.3.18-24.24.1 dlm-kmp-default-5.3.18-24.24.1 dlm-kmp-default-debuginfo-5.3.18-24.24.1 gfs2-kmp-default-5.3.18-24.24.1 gfs2-kmp-default-debuginfo-5.3.18-24.24.1 kernel-default-debuginfo-5.3.18-24.24.1 kernel-default-debugsource-5.3.18-24.24.1 ocfs2-kmp-default-5.3.18-24.24.1 ocfs2-kmp-default-debuginfo-5.3.18-24.24.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14385.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-2521.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1171000 https://bugzilla.suse.com/1171068 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1172419 https://bugzilla.suse.com/1172757 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173017 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1173267 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1174029 https://bugzilla.suse.com/1174110 https://bugzilla.suse.com/1174111 https://bugzilla.suse.com/1174358 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174486 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175718 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175787 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1175952 https://bugzilla.suse.com/1175996 https://bugzilla.suse.com/1175997 https://bugzilla.suse.com/1175998 https://bugzilla.suse.com/1175999 https://bugzilla.suse.com/1176000 https://bugzilla.suse.com/1176001 https://bugzilla.suse.com/1176019 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176063 https://bugzilla.suse.com/1176137 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176236 https://bugzilla.suse.com/1176237 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176357 https://bugzilla.suse.com/1176358 https://bugzilla.suse.com/1176359 https://bugzilla.suse.com/1176360 https://bugzilla.suse.com/1176361 https://bugzilla.suse.com/1176362 https://bugzilla.suse.com/1176363 https://bugzilla.suse.com/1176364 https://bugzilla.suse.com/1176365 https://bugzilla.suse.com/1176366 https://bugzilla.suse.com/1176367 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176449 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176486 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176537 https://bugzilla.suse.com/1176538 https://bugzilla.suse.com/1176539 https://bugzilla.suse.com/1176540 https://bugzilla.suse.com/1176541 https://bugzilla.suse.com/1176542 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176587 https://bugzilla.suse.com/1176588 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176763 https://bugzilla.suse.com/1176775 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176833 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176925 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176980 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177021 https://bugzilla.suse.com/1177030 From sle-security-updates at lists.suse.com Fri Oct 9 10:15:19 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 9 Oct 2020 18:15:19 +0200 (CEST) Subject: SUSE-SU-2020:2881-1: critical: Security update for tigervnc Message-ID: <20201009161519.2E247FD12@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2881-1 Rating: critical References: #1176733 Cross-References: CVE-2020-26117 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2881=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2881=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2881=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2881=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2881=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libXvnc1-1.6.0-22.17.1 libXvnc1-debuginfo-1.6.0-22.17.1 tigervnc-1.6.0-22.17.1 tigervnc-debuginfo-1.6.0-22.17.1 tigervnc-debugsource-1.6.0-22.17.1 xorg-x11-Xvnc-1.6.0-22.17.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1 - SUSE OpenStack Cloud 9 (x86_64): libXvnc1-1.6.0-22.17.1 libXvnc1-debuginfo-1.6.0-22.17.1 tigervnc-1.6.0-22.17.1 tigervnc-debuginfo-1.6.0-22.17.1 tigervnc-debugsource-1.6.0-22.17.1 xorg-x11-Xvnc-1.6.0-22.17.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libXvnc1-1.6.0-22.17.1 libXvnc1-debuginfo-1.6.0-22.17.1 tigervnc-1.6.0-22.17.1 tigervnc-debuginfo-1.6.0-22.17.1 tigervnc-debugsource-1.6.0-22.17.1 xorg-x11-Xvnc-1.6.0-22.17.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libXvnc1-1.6.0-22.17.1 libXvnc1-debuginfo-1.6.0-22.17.1 tigervnc-1.6.0-22.17.1 tigervnc-debuginfo-1.6.0-22.17.1 tigervnc-debugsource-1.6.0-22.17.1 xorg-x11-Xvnc-1.6.0-22.17.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libXvnc1-1.6.0-22.17.1 libXvnc1-debuginfo-1.6.0-22.17.1 tigervnc-1.6.0-22.17.1 tigervnc-debuginfo-1.6.0-22.17.1 tigervnc-debugsource-1.6.0-22.17.1 xorg-x11-Xvnc-1.6.0-22.17.1 xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1 References: https://www.suse.com/security/cve/CVE-2020-26117.html https://bugzilla.suse.com/1176733 From sle-security-updates at lists.suse.com Fri Oct 9 10:17:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 9 Oct 2020 18:17:23 +0200 (CEST) Subject: SUSE-SU-2020:2882-1: critical: Security update for tigervnc Message-ID: <20201009161723.41AD8FD12@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2882-1 Rating: critical References: #1176733 Cross-References: CVE-2020-26117 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2882=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2882=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2882=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2882=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libXvnc1-1.8.0-13.14.1 libXvnc1-debuginfo-1.8.0-13.14.1 tigervnc-1.8.0-13.14.1 tigervnc-debuginfo-1.8.0-13.14.1 tigervnc-debugsource-1.8.0-13.14.1 xorg-x11-Xvnc-1.8.0-13.14.1 xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): xorg-x11-Xvnc-novnc-1.8.0-13.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libXvnc1-1.8.0-13.14.1 libXvnc1-debuginfo-1.8.0-13.14.1 tigervnc-1.8.0-13.14.1 tigervnc-debuginfo-1.8.0-13.14.1 tigervnc-debugsource-1.8.0-13.14.1 xorg-x11-Xvnc-1.8.0-13.14.1 xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): xorg-x11-Xvnc-novnc-1.8.0-13.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libXvnc1-1.8.0-13.14.1 libXvnc1-debuginfo-1.8.0-13.14.1 tigervnc-1.8.0-13.14.1 tigervnc-debuginfo-1.8.0-13.14.1 tigervnc-debugsource-1.8.0-13.14.1 xorg-x11-Xvnc-1.8.0-13.14.1 xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): xorg-x11-Xvnc-novnc-1.8.0-13.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libXvnc1-1.8.0-13.14.1 libXvnc1-debuginfo-1.8.0-13.14.1 tigervnc-1.8.0-13.14.1 tigervnc-debuginfo-1.8.0-13.14.1 tigervnc-debugsource-1.8.0-13.14.1 xorg-x11-Xvnc-1.8.0-13.14.1 xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): xorg-x11-Xvnc-novnc-1.8.0-13.14.1 References: https://www.suse.com/security/cve/CVE-2020-26117.html https://bugzilla.suse.com/1176733 From sle-security-updates at lists.suse.com Fri Oct 9 10:18:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 9 Oct 2020 18:18:23 +0200 (CEST) Subject: SUSE-SU-2020:2880-1: critical: Security update for tigervnc Message-ID: <20201009161823.25975FD12@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2880-1 Rating: critical References: #1176733 Cross-References: CVE-2020-26117 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2880=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2880=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2880=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2880=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libXvnc-devel-1.9.0-19.9.1 tigervnc-debuginfo-1.9.0-19.9.1 tigervnc-debugsource-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libXvnc-devel-1.9.0-19.9.1 tigervnc-debuginfo-1.9.0-19.9.1 tigervnc-debugsource-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libXvnc1-1.9.0-19.9.1 libXvnc1-debuginfo-1.9.0-19.9.1 tigervnc-1.9.0-19.9.1 tigervnc-debuginfo-1.9.0-19.9.1 tigervnc-debugsource-1.9.0-19.9.1 xorg-x11-Xvnc-1.9.0-19.9.1 xorg-x11-Xvnc-debuginfo-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64): xorg-x11-Xvnc-module-1.9.0-19.9.1 xorg-x11-Xvnc-module-debuginfo-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): xorg-x11-Xvnc-novnc-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libXvnc1-1.9.0-19.9.1 libXvnc1-debuginfo-1.9.0-19.9.1 tigervnc-1.9.0-19.9.1 tigervnc-debuginfo-1.9.0-19.9.1 tigervnc-debugsource-1.9.0-19.9.1 xorg-x11-Xvnc-1.9.0-19.9.1 xorg-x11-Xvnc-debuginfo-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le x86_64): xorg-x11-Xvnc-module-1.9.0-19.9.1 xorg-x11-Xvnc-module-debuginfo-1.9.0-19.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): xorg-x11-Xvnc-novnc-1.9.0-19.9.1 References: https://www.suse.com/security/cve/CVE-2020-26117.html https://bugzilla.suse.com/1176733 From sle-security-updates at lists.suse.com Mon Oct 12 13:14:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 12 Oct 2020 21:14:22 +0200 (CEST) Subject: SUSE-SU-2020:2894-1: important: Security update for php5 Message-ID: <20201012191422.3F74DFD12@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2894-1 Rating: important References: #1177352 Cross-References: CVE-2020-7070 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2894=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.82.1 apache2-mod_php5-debuginfo-5.5.14-109.82.1 php5-5.5.14-109.82.1 php5-bcmath-5.5.14-109.82.1 php5-bcmath-debuginfo-5.5.14-109.82.1 php5-bz2-5.5.14-109.82.1 php5-bz2-debuginfo-5.5.14-109.82.1 php5-calendar-5.5.14-109.82.1 php5-calendar-debuginfo-5.5.14-109.82.1 php5-ctype-5.5.14-109.82.1 php5-ctype-debuginfo-5.5.14-109.82.1 php5-curl-5.5.14-109.82.1 php5-curl-debuginfo-5.5.14-109.82.1 php5-dba-5.5.14-109.82.1 php5-dba-debuginfo-5.5.14-109.82.1 php5-debuginfo-5.5.14-109.82.1 php5-debugsource-5.5.14-109.82.1 php5-dom-5.5.14-109.82.1 php5-dom-debuginfo-5.5.14-109.82.1 php5-enchant-5.5.14-109.82.1 php5-enchant-debuginfo-5.5.14-109.82.1 php5-exif-5.5.14-109.82.1 php5-exif-debuginfo-5.5.14-109.82.1 php5-fastcgi-5.5.14-109.82.1 php5-fastcgi-debuginfo-5.5.14-109.82.1 php5-fileinfo-5.5.14-109.82.1 php5-fileinfo-debuginfo-5.5.14-109.82.1 php5-fpm-5.5.14-109.82.1 php5-fpm-debuginfo-5.5.14-109.82.1 php5-ftp-5.5.14-109.82.1 php5-ftp-debuginfo-5.5.14-109.82.1 php5-gd-5.5.14-109.82.1 php5-gd-debuginfo-5.5.14-109.82.1 php5-gettext-5.5.14-109.82.1 php5-gettext-debuginfo-5.5.14-109.82.1 php5-gmp-5.5.14-109.82.1 php5-gmp-debuginfo-5.5.14-109.82.1 php5-iconv-5.5.14-109.82.1 php5-iconv-debuginfo-5.5.14-109.82.1 php5-imap-5.5.14-109.82.1 php5-imap-debuginfo-5.5.14-109.82.1 php5-intl-5.5.14-109.82.1 php5-intl-debuginfo-5.5.14-109.82.1 php5-json-5.5.14-109.82.1 php5-json-debuginfo-5.5.14-109.82.1 php5-ldap-5.5.14-109.82.1 php5-ldap-debuginfo-5.5.14-109.82.1 php5-mbstring-5.5.14-109.82.1 php5-mbstring-debuginfo-5.5.14-109.82.1 php5-mcrypt-5.5.14-109.82.1 php5-mcrypt-debuginfo-5.5.14-109.82.1 php5-mysql-5.5.14-109.82.1 php5-mysql-debuginfo-5.5.14-109.82.1 php5-odbc-5.5.14-109.82.1 php5-odbc-debuginfo-5.5.14-109.82.1 php5-opcache-5.5.14-109.82.1 php5-opcache-debuginfo-5.5.14-109.82.1 php5-openssl-5.5.14-109.82.1 php5-openssl-debuginfo-5.5.14-109.82.1 php5-pcntl-5.5.14-109.82.1 php5-pcntl-debuginfo-5.5.14-109.82.1 php5-pdo-5.5.14-109.82.1 php5-pdo-debuginfo-5.5.14-109.82.1 php5-pgsql-5.5.14-109.82.1 php5-pgsql-debuginfo-5.5.14-109.82.1 php5-phar-5.5.14-109.82.1 php5-phar-debuginfo-5.5.14-109.82.1 php5-posix-5.5.14-109.82.1 php5-posix-debuginfo-5.5.14-109.82.1 php5-pspell-5.5.14-109.82.1 php5-pspell-debuginfo-5.5.14-109.82.1 php5-shmop-5.5.14-109.82.1 php5-shmop-debuginfo-5.5.14-109.82.1 php5-snmp-5.5.14-109.82.1 php5-snmp-debuginfo-5.5.14-109.82.1 php5-soap-5.5.14-109.82.1 php5-soap-debuginfo-5.5.14-109.82.1 php5-sockets-5.5.14-109.82.1 php5-sockets-debuginfo-5.5.14-109.82.1 php5-sqlite-5.5.14-109.82.1 php5-sqlite-debuginfo-5.5.14-109.82.1 php5-suhosin-5.5.14-109.82.1 php5-suhosin-debuginfo-5.5.14-109.82.1 php5-sysvmsg-5.5.14-109.82.1 php5-sysvmsg-debuginfo-5.5.14-109.82.1 php5-sysvsem-5.5.14-109.82.1 php5-sysvsem-debuginfo-5.5.14-109.82.1 php5-sysvshm-5.5.14-109.82.1 php5-sysvshm-debuginfo-5.5.14-109.82.1 php5-tokenizer-5.5.14-109.82.1 php5-tokenizer-debuginfo-5.5.14-109.82.1 php5-wddx-5.5.14-109.82.1 php5-wddx-debuginfo-5.5.14-109.82.1 php5-xmlreader-5.5.14-109.82.1 php5-xmlreader-debuginfo-5.5.14-109.82.1 php5-xmlrpc-5.5.14-109.82.1 php5-xmlrpc-debuginfo-5.5.14-109.82.1 php5-xmlwriter-5.5.14-109.82.1 php5-xmlwriter-debuginfo-5.5.14-109.82.1 php5-xsl-5.5.14-109.82.1 php5-xsl-debuginfo-5.5.14-109.82.1 php5-zip-5.5.14-109.82.1 php5-zip-debuginfo-5.5.14-109.82.1 php5-zlib-5.5.14-109.82.1 php5-zlib-debuginfo-5.5.14-109.82.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.82.1 References: https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Tue Oct 13 10:15:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 18:15:40 +0200 (CEST) Subject: SUSE-SU-2020:2899-1: critical: Security update for rubygem-activesupport-5_1 Message-ID: <20201013161540.870B5FD12@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2899-1 Rating: critical References: #1172186 Cross-References: CVE-2020-8165 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2899=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2899=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2899=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-8165.html https://bugzilla.suse.com/1172186 From sle-security-updates at lists.suse.com Tue Oct 13 10:16:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 18:16:40 +0200 (CEST) Subject: SUSE-SU-2020:2901-1: important: Security update for libproxy Message-ID: <20201013161640.B3F40FD12@maintenance.suse.de> SUSE Security Update: Security update for libproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2901-1 Rating: important References: #1176410 #1177143 Cross-References: CVE-2020-25219 CVE-2020-26154 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2901=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2901=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2901=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2901=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2901=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2901=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2901=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2901=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2901=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2901=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-config-gnome3-0.4.15-4.3.1 libproxy1-config-gnome3-debuginfo-0.4.15-4.3.1 libproxy1-networkmanager-0.4.15-4.3.1 libproxy1-networkmanager-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-config-gnome3-0.4.15-4.3.1 libproxy1-config-gnome3-debuginfo-0.4.15-4.3.1 libproxy1-networkmanager-0.4.15-4.3.1 libproxy1-networkmanager-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libproxy-plugins-debugsource-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libproxy-plugins-debugsource-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libproxy-debugsource-0.4.15-4.3.1 libproxy-devel-0.4.15-4.3.1 libproxy-plugins-debugsource-0.4.15-4.3.1 libproxy1-0.4.15-4.3.1 libproxy1-debuginfo-0.4.15-4.3.1 perl-Net-Libproxy-0.4.15-4.3.1 perl-Net-Libproxy-debuginfo-0.4.15-4.3.1 References: https://www.suse.com/security/cve/CVE-2020-25219.html https://www.suse.com/security/cve/CVE-2020-26154.html https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1177143 From sle-security-updates at lists.suse.com Tue Oct 13 10:17:45 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 18:17:45 +0200 (CEST) Subject: SUSE-SU-2020:2896-1: important: Security update for php74 Message-ID: <20201013161745.3E56FFD12@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2896-1 Rating: important References: #1173786 #1177351 #1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php74 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2896=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2896=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.13.1 php74-debugsource-7.4.6-1.13.1 php74-devel-7.4.6-1.13.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.13.1 apache2-mod_php74-debuginfo-7.4.6-1.13.1 php74-7.4.6-1.13.1 php74-bcmath-7.4.6-1.13.1 php74-bcmath-debuginfo-7.4.6-1.13.1 php74-bz2-7.4.6-1.13.1 php74-bz2-debuginfo-7.4.6-1.13.1 php74-calendar-7.4.6-1.13.1 php74-calendar-debuginfo-7.4.6-1.13.1 php74-ctype-7.4.6-1.13.1 php74-ctype-debuginfo-7.4.6-1.13.1 php74-curl-7.4.6-1.13.1 php74-curl-debuginfo-7.4.6-1.13.1 php74-dba-7.4.6-1.13.1 php74-dba-debuginfo-7.4.6-1.13.1 php74-debuginfo-7.4.6-1.13.1 php74-debugsource-7.4.6-1.13.1 php74-dom-7.4.6-1.13.1 php74-dom-debuginfo-7.4.6-1.13.1 php74-enchant-7.4.6-1.13.1 php74-enchant-debuginfo-7.4.6-1.13.1 php74-exif-7.4.6-1.13.1 php74-exif-debuginfo-7.4.6-1.13.1 php74-fastcgi-7.4.6-1.13.1 php74-fastcgi-debuginfo-7.4.6-1.13.1 php74-fileinfo-7.4.6-1.13.1 php74-fileinfo-debuginfo-7.4.6-1.13.1 php74-fpm-7.4.6-1.13.1 php74-fpm-debuginfo-7.4.6-1.13.1 php74-ftp-7.4.6-1.13.1 php74-ftp-debuginfo-7.4.6-1.13.1 php74-gd-7.4.6-1.13.1 php74-gd-debuginfo-7.4.6-1.13.1 php74-gettext-7.4.6-1.13.1 php74-gettext-debuginfo-7.4.6-1.13.1 php74-gmp-7.4.6-1.13.1 php74-gmp-debuginfo-7.4.6-1.13.1 php74-iconv-7.4.6-1.13.1 php74-iconv-debuginfo-7.4.6-1.13.1 php74-intl-7.4.6-1.13.1 php74-intl-debuginfo-7.4.6-1.13.1 php74-json-7.4.6-1.13.1 php74-json-debuginfo-7.4.6-1.13.1 php74-ldap-7.4.6-1.13.1 php74-ldap-debuginfo-7.4.6-1.13.1 php74-mbstring-7.4.6-1.13.1 php74-mbstring-debuginfo-7.4.6-1.13.1 php74-mysql-7.4.6-1.13.1 php74-mysql-debuginfo-7.4.6-1.13.1 php74-odbc-7.4.6-1.13.1 php74-odbc-debuginfo-7.4.6-1.13.1 php74-opcache-7.4.6-1.13.1 php74-opcache-debuginfo-7.4.6-1.13.1 php74-openssl-7.4.6-1.13.1 php74-openssl-debuginfo-7.4.6-1.13.1 php74-pcntl-7.4.6-1.13.1 php74-pcntl-debuginfo-7.4.6-1.13.1 php74-pdo-7.4.6-1.13.1 php74-pdo-debuginfo-7.4.6-1.13.1 php74-pgsql-7.4.6-1.13.1 php74-pgsql-debuginfo-7.4.6-1.13.1 php74-phar-7.4.6-1.13.1 php74-phar-debuginfo-7.4.6-1.13.1 php74-posix-7.4.6-1.13.1 php74-posix-debuginfo-7.4.6-1.13.1 php74-readline-7.4.6-1.13.1 php74-readline-debuginfo-7.4.6-1.13.1 php74-shmop-7.4.6-1.13.1 php74-shmop-debuginfo-7.4.6-1.13.1 php74-snmp-7.4.6-1.13.1 php74-snmp-debuginfo-7.4.6-1.13.1 php74-soap-7.4.6-1.13.1 php74-soap-debuginfo-7.4.6-1.13.1 php74-sockets-7.4.6-1.13.1 php74-sockets-debuginfo-7.4.6-1.13.1 php74-sodium-7.4.6-1.13.1 php74-sodium-debuginfo-7.4.6-1.13.1 php74-sqlite-7.4.6-1.13.1 php74-sqlite-debuginfo-7.4.6-1.13.1 php74-sysvmsg-7.4.6-1.13.1 php74-sysvmsg-debuginfo-7.4.6-1.13.1 php74-sysvsem-7.4.6-1.13.1 php74-sysvsem-debuginfo-7.4.6-1.13.1 php74-sysvshm-7.4.6-1.13.1 php74-sysvshm-debuginfo-7.4.6-1.13.1 php74-tidy-7.4.6-1.13.1 php74-tidy-debuginfo-7.4.6-1.13.1 php74-tokenizer-7.4.6-1.13.1 php74-tokenizer-debuginfo-7.4.6-1.13.1 php74-xmlreader-7.4.6-1.13.1 php74-xmlreader-debuginfo-7.4.6-1.13.1 php74-xmlrpc-7.4.6-1.13.1 php74-xmlrpc-debuginfo-7.4.6-1.13.1 php74-xmlwriter-7.4.6-1.13.1 php74-xmlwriter-debuginfo-7.4.6-1.13.1 php74-xsl-7.4.6-1.13.1 php74-xsl-debuginfo-7.4.6-1.13.1 php74-zip-7.4.6-1.13.1 php74-zip-debuginfo-7.4.6-1.13.1 php74-zlib-7.4.6-1.13.1 php74-zlib-debuginfo-7.4.6-1.13.1 References: https://www.suse.com/security/cve/CVE-2020-7069.html https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1177351 https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Tue Oct 13 10:18:55 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 18:18:55 +0200 (CEST) Subject: SUSE-SU-2020:2898-1: critical: Security update for tigervnc Message-ID: <20201013161855.2F134FD12@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2898-1 Rating: critical References: #1176733 Cross-References: CVE-2020-26117 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2898=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2898=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2898=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2898=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2898=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2898=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2898=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2898=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2898=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2898=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2898=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE OpenStack Cloud 8 (x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 - HPE Helion Openstack 8 (x86_64): libXvnc1-1.6.0-27.1 libXvnc1-debuginfo-1.6.0-27.1 tigervnc-1.6.0-27.1 tigervnc-debuginfo-1.6.0-27.1 tigervnc-debugsource-1.6.0-27.1 xorg-x11-Xvnc-1.6.0-27.1 xorg-x11-Xvnc-debuginfo-1.6.0-27.1 References: https://www.suse.com/security/cve/CVE-2020-26117.html https://bugzilla.suse.com/1176733 From sle-security-updates at lists.suse.com Tue Oct 13 10:21:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 18:21:10 +0200 (CEST) Subject: SUSE-SU-2020:2900-1: important: Security update for libproxy Message-ID: <20201013162110.42C60FD12@maintenance.suse.de> SUSE Security Update: Security update for libproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2900-1 Rating: important References: #1176410 #1177143 Cross-References: CVE-2020-25219 CVE-2020-26154 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2900=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2900=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2900=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2900=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2900=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2900=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2900=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2900=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2900=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2900=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2900=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2900=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2900=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2900=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2900=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2900=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2900=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2900=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE OpenStack Cloud 9 (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE OpenStack Cloud 8 (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-networkmanager-32bit-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-devel-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 - SUSE Enterprise Storage 5 (x86_64): libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 - HPE Helion Openstack 8 (x86_64): libproxy-debugsource-0.4.13-18.3.1 libproxy-plugins-debugsource-0.4.13-18.3.1 libproxy1-0.4.13-18.3.1 libproxy1-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-0.4.13-18.3.1 libproxy1-config-gnome3-32bit-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-0.4.13-18.3.1 libproxy1-config-gnome3-debuginfo-32bit-0.4.13-18.3.1 libproxy1-debuginfo-0.4.13-18.3.1 libproxy1-debuginfo-32bit-0.4.13-18.3.1 libproxy1-networkmanager-0.4.13-18.3.1 libproxy1-networkmanager-debuginfo-0.4.13-18.3.1 libproxy1-pacrunner-webkit-0.4.13-18.3.1 libproxy1-pacrunner-webkit-debuginfo-0.4.13-18.3.1 References: https://www.suse.com/security/cve/CVE-2020-25219.html https://www.suse.com/security/cve/CVE-2020-26154.html https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1177143 From sle-security-updates at lists.suse.com Tue Oct 13 13:16:09 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 21:16:09 +0200 (CEST) Subject: SUSE-SU-2020:2904-1: important: Security update for the Linux Kernel Message-ID: <20201013191609.17988FD12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2904-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1163524 #1167527 #1168468 #1169972 #1171675 #1171688 #1171742 #1173115 #1174354 #1174899 #1175228 #1175528 #1175716 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on relocation tree (bsc#1174354). - btrfs: balance: print to system log when balance ends or is paused (bsc#1174354). - btrfs: relocation: allow signal to cancel balance (bsc#1174354). - btrfs: relocation: review the call sites which can be interrupted by signal (bsc#1174354). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1174354). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - crypto: dh - check validity of Z before export (bsc#1175716). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecdh - check validity of Z before export (bsc#1175716). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) * move from drivers/video/fbdev/fbcon to drivers/video/console * context changes - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-binary.spec.in: SLE12 tar does not understand --verbatim-files-from - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - lib/mpi: Add mpi_sub_ui() (bsc#1175716). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: libfc: free skb when receiving invalid flogi resp (bsc#1175528). - scsi: libfc: Handling of extra kref (bsc#1175528). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1175528). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1175528). - scsi: libfc: Skip additional kref updating work event (bsc#1175528). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2904=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2904=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2904=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2904=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 kernel-default-extra-4.12.14-122.41.1 kernel-default-extra-debuginfo-4.12.14-122.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.41.1 kernel-obs-build-debugsource-4.12.14-122.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.41.1 kernel-default-base-4.12.14-122.41.1 kernel-default-base-debuginfo-4.12.14-122.41.1 kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 kernel-default-devel-4.12.14-122.41.1 kernel-syms-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.41.1 kernel-macros-4.12.14-122.41.1 kernel-source-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.41.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.41.1 cluster-md-kmp-default-debuginfo-4.12.14-122.41.1 dlm-kmp-default-4.12.14-122.41.1 dlm-kmp-default-debuginfo-4.12.14-122.41.1 gfs2-kmp-default-4.12.14-122.41.1 gfs2-kmp-default-debuginfo-4.12.14-122.41.1 kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 ocfs2-kmp-default-4.12.14-122.41.1 ocfs2-kmp-default-debuginfo-4.12.14-122.41.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174354 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175528 https://bugzilla.suse.com/1175716 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Tue Oct 13 13:25:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 21:25:27 +0200 (CEST) Subject: SUSE-SU-2020:2905-1: important: Security update for the Linux Kernel Message-ID: <20201013192527.DED75FD12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2905-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1167527 #1168468 #1169972 #1171675 #1171688 #1171742 #1173115 #1174899 #1175228 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176395 #1176410 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177027 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2905=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2905=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 kernel-default-extra-4.12.14-197.61.1 kernel-default-extra-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 reiserfs-kmp-default-4.12.14-197.61.1 reiserfs-kmp-default-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.61.1 kernel-obs-build-debugsource-4.12.14-197.61.1 kernel-syms-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.61.1 kernel-source-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.61.1 kernel-default-base-4.12.14-197.61.1 kernel-default-base-debuginfo-4.12.14-197.61.1 kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 kernel-default-devel-4.12.14-197.61.1 kernel-default-devel-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.61.1 kernel-macros-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.61.1 kernel-zfcpdump-debuginfo-4.12.14-197.61.1 kernel-zfcpdump-debugsource-4.12.14-197.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.61.1 cluster-md-kmp-default-debuginfo-4.12.14-197.61.1 dlm-kmp-default-4.12.14-197.61.1 dlm-kmp-default-debuginfo-4.12.14-197.61.1 gfs2-kmp-default-4.12.14-197.61.1 gfs2-kmp-default-debuginfo-4.12.14-197.61.1 kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 ocfs2-kmp-default-4.12.14-197.61.1 ocfs2-kmp-default-debuginfo-4.12.14-197.61.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Tue Oct 13 13:33:43 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 21:33:43 +0200 (CEST) Subject: SUSE-SU-2020:2905-1: important: Security update for the Linux Kernel Message-ID: <20201013193343.A7C1AFD12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2905-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1167527 #1168468 #1169972 #1171675 #1171688 #1171742 #1173115 #1174899 #1175228 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176395 #1176410 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177027 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2905=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2905=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2905=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 kernel-default-extra-4.12.14-197.61.1 kernel-default-extra-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 kernel-default-livepatch-4.12.14-197.61.1 kernel-default-livepatch-devel-4.12.14-197.61.1 kernel-livepatch-4_12_14-197_61-default-1-3.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 reiserfs-kmp-default-4.12.14-197.61.1 reiserfs-kmp-default-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.61.1 kernel-obs-build-debugsource-4.12.14-197.61.1 kernel-syms-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.61.1 kernel-source-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.61.1 kernel-default-base-4.12.14-197.61.1 kernel-default-base-debuginfo-4.12.14-197.61.1 kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 kernel-default-devel-4.12.14-197.61.1 kernel-default-devel-debuginfo-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.61.1 kernel-macros-4.12.14-197.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.61.1 kernel-zfcpdump-debuginfo-4.12.14-197.61.1 kernel-zfcpdump-debugsource-4.12.14-197.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.61.1 cluster-md-kmp-default-debuginfo-4.12.14-197.61.1 dlm-kmp-default-4.12.14-197.61.1 dlm-kmp-default-debuginfo-4.12.14-197.61.1 gfs2-kmp-default-4.12.14-197.61.1 gfs2-kmp-default-debuginfo-4.12.14-197.61.1 kernel-default-debuginfo-4.12.14-197.61.1 kernel-default-debugsource-4.12.14-197.61.1 ocfs2-kmp-default-4.12.14-197.61.1 ocfs2-kmp-default-debuginfo-4.12.14-197.61.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Tue Oct 13 13:44:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 21:44:10 +0200 (CEST) Subject: SUSE-SU-2020:2904-1: important: Security update for the Linux Kernel Message-ID: <20201013194410.2B5DFFD12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2904-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1163524 #1167527 #1168468 #1169972 #1171675 #1171688 #1171742 #1173115 #1174354 #1174899 #1175228 #1175528 #1175716 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on relocation tree (bsc#1174354). - btrfs: balance: print to system log when balance ends or is paused (bsc#1174354). - btrfs: relocation: allow signal to cancel balance (bsc#1174354). - btrfs: relocation: review the call sites which can be interrupted by signal (bsc#1174354). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1174354). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - crypto: dh - check validity of Z before export (bsc#1175716). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecdh - check validity of Z before export (bsc#1175716). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) * move from drivers/video/fbdev/fbcon to drivers/video/console * context changes - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-binary.spec.in: SLE12 tar does not understand --verbatim-files-from - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - lib/mpi: Add mpi_sub_ui() (bsc#1175716). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: libfc: free skb when receiving invalid flogi resp (bsc#1175528). - scsi: libfc: Handling of extra kref (bsc#1175528). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1175528). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1175528). - scsi: libfc: Skip additional kref updating work event (bsc#1175528). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2904=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2904=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2904=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2904=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2904=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 kernel-default-extra-4.12.14-122.41.1 kernel-default-extra-debuginfo-4.12.14-122.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.41.1 kernel-obs-build-debugsource-4.12.14-122.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.41.1 kernel-default-base-4.12.14-122.41.1 kernel-default-base-debuginfo-4.12.14-122.41.1 kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 kernel-default-devel-4.12.14-122.41.1 kernel-syms-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.41.1 kernel-macros-4.12.14-122.41.1 kernel-source-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.41.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.41.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 kernel-default-kgraft-4.12.14-122.41.1 kernel-default-kgraft-devel-4.12.14-122.41.1 kgraft-patch-4_12_14-122_41-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.41.1 cluster-md-kmp-default-debuginfo-4.12.14-122.41.1 dlm-kmp-default-4.12.14-122.41.1 dlm-kmp-default-debuginfo-4.12.14-122.41.1 gfs2-kmp-default-4.12.14-122.41.1 gfs2-kmp-default-debuginfo-4.12.14-122.41.1 kernel-default-debuginfo-4.12.14-122.41.1 kernel-default-debugsource-4.12.14-122.41.1 ocfs2-kmp-default-4.12.14-122.41.1 ocfs2-kmp-default-debuginfo-4.12.14-122.41.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174354 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175528 https://bugzilla.suse.com/1175716 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Tue Oct 13 13:53:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 21:53:25 +0200 (CEST) Subject: SUSE-SU-2020:2907-1: important: Security update for the Linux Kernel Message-ID: <20201013195325.87079FD11@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2907-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1163524 #1167527 #1169972 #1171688 #1171742 #1173115 #1174354 #1174899 #1175228 #1175528 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176395 #1176410 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177027 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on relocation tree (bsc#1174354). - btrfs: balance: print to system log when balance ends or is paused (bsc#1174354). - btrfs: relocation: allow signal to cancel balance (bsc#1174354). - btrfs: relocation: review the call sites which can be interrupted by signal (bsc#1174354). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1174354). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-binary.spec.in: SLE12 tar does not understand --verbatim-files-from - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - Revert "rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857" This reverts commit 971fc3df729b6a7692040f4e7fc7664d8e12c659. - Revert "sign also s390x kernel images (bsc#1163524)" - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: libfc: free skb when receiving invalid flogi resp (bsc#1175528). - scsi: libfc: Handling of extra kref (bsc#1175528). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1175528). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1175528). - scsi: libfc: Skip additional kref updating work event (bsc#1175528). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2907=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.31.1 kernel-azure-base-4.12.14-16.31.1 kernel-azure-base-debuginfo-4.12.14-16.31.1 kernel-azure-debuginfo-4.12.14-16.31.1 kernel-azure-debugsource-4.12.14-16.31.1 kernel-azure-devel-4.12.14-16.31.1 kernel-syms-azure-4.12.14-16.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.31.1 kernel-source-azure-4.12.14-16.31.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174354 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175528 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Tue Oct 13 14:01:20 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 22:01:20 +0200 (CEST) Subject: SUSE-SU-2020:2913-1: moderate: Security update for crmsh Message-ID: <20201013200120.15F64FD12@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2913-1 Rating: moderate References: #1163581 #1176569 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2913=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1602225426.5f84efb5-5.23.1 crmsh-scripts-4.2.0+git.1602225426.5f84efb5-5.23.1 References: https://bugzilla.suse.com/1163581 https://bugzilla.suse.com/1176569 From sle-security-updates at lists.suse.com Tue Oct 13 14:02:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 22:02:23 +0200 (CEST) Subject: SUSE-SU-2020:2911-1: critical: Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client Message-ID: <20201013200223.D842DFD12@maintenance.suse.de> SUSE Security Update: Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2911-1 Rating: critical References: #1117080 #1154434 #1164140 #1171823 #1172450 #1173413 #1173416 #1173418 #1174583 #1175484 #965582 SOC-11352 SOC-11389 Cross-References: CVE-2016-0775 CVE-2018-17954 CVE-2018-18623 CVE-2018-18624 CVE-2018-18625 CVE-2019-15043 CVE-2020-10177 CVE-2020-10378 CVE-2020-10744 CVE-2020-10994 CVE-2020-11110 CVE-2020-12052 CVE-2020-13379 CVE-2020-1733 CVE-2020-17376 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes 15 vulnerabilities, contains two features is now available. Description: This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client fixes the following issues: Security fixes included on this update: for ansible: - CVE-2020-1733,CVE-2020-10744: Fixed a race condition and insecure permissions which could have allowed another user on the node to gain control of the become user (bsc#1171823 and bsc#1164140). for grafana: - CVE-2020-11110, CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed XSS vulnerabilities in dashboard due to an incomplete fix for CVE-2018-12099 for openstack-nova: - CVE-2020-17376: Fixed an issue in which live migration failed to update persistent domain XML (bsc#1175484) for python-pillow: - CVE-2016-0775: Fixed a buffer overflow in FliDecode.c (bsc#965582) - CVE-2020-10177: Fix-OOB-reads-in-FLI-decoding (bsc#1173413) - CVE-2020-10994: Fix-bounds-overflow-in-JPEG-2000-decoding (bsc#1173418) - CVE-2020-10378: Fix-bounds-overflow-in-PCX-decoding (bsc#1173416) for rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where provision leaks admin password to all nodes in cleartext (bsc#1117080) Non-security fixes included on this update: Changes in ansible: - Update CVE-2020-10744_avoid_mkdir_p.patch to include missing parts and rename to CVE-2020-1733_avoid_mkdir_p.patch to make it clear which CVE is fixed there (bsc#1164140) - Add CVE-2020-10744_avoid_mkdir_p.patch (bsc#1171823) to fix insecure temporary directory creation. Changes in crowbar-core: - Update to version 4.0+git.1600767499.0615a418f: * provisioner: check for client_user (SOC-11389) * crowbar: Also add access to /restricted/ in SSL vhost (SOC-11352) * crowbar: Allow hardware-installing -> discovering transition (noref) * crowbar: Add Restricted controller with API for restricted clients (bsc#1117080) * crowbar: Add complete list of states to Crowbar::State (noref) * provisioner: Remove the need for /updates/parse_node_data (noref) * crowbar: Create helper module to validate states (noref) * provisioner: Use new restricted API (bsc#1117080) * provisioner: Do not read /etc/crowbar.install.key from crowbar_joi (bsc#1117080) * provisioner: Remove use of privileged user for Windows machine (bsc#1117080) * provisioner: Use restricted client during provisioning (bsc#1117080) * provisioner: Use restricted client for crowbar_register (bsc#1117080) * provisioner: Drop /etc/crowbar.install.key bits from autoyast prof (bsc#1117080) * Avoid hardcoding machine-install user (bsc#1117080) * crowbar: Restrict admin access (bsc#1117080) - Update to version 4.0+git.1600416364.5a9286e31: * Whitelist fixed CVEs in travis (noref) * Disable cookbook tests (noref) Changes in crowbar-openstack: - Update to version 4.0+git.1599037255.25b759234: * horizon: Update configuration for Grafana 5.x Changes in grafana: - BuildRequire go1.14 explicitly - Add recompress source service - Add go_modules source service to create vendor.tar.gz containing 3rd party go modules. - Adjust spec to work for Grafana-6.7.4 - Adjust Makefile to work for Grafana-6.7.4 - Remove CVE-2019-15043.patch (merged upstream) - Remove CVE-2020-13379.patch (merged upstream) - Remove 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch (merged upstream) - Update to version 6.7.4 (bsc#1172450, CVE-2018-18623, CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110) * Only allow 32 hexadecimal digits for the avatar hash * 6.7.3 cherry-picks (#23808) * Fix CI for pushing a multi-architecture manifest (#23327) * AzureMonitor: Fix Log Analytics and Application Insights for Azure China (#21803) (#22753) * Revert "grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754)" * Bumped version * Snapshots: Sanitize orignal url (#23254) * Plugins: Expose promiseToDigest (#23249) * Variables: Do not update variable from url when value is the same (#23220) * DashboardSave: Add new dashboard check (#23104) * Fix: reverted back to `import * as module` instead of using namespaces (#23069) * BackendSrv: Adds config to response to fix external plugins that use this (#23032) * DataLinks: make sure we use the correct datapoint when dataset contains null value. (#22981) * Fix mysterious Babel plugin errors (#22974) * Select: Fixed select text positition (#22952) * grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754) * Docs: Fix Broken Link (#22894) * Panels: Fixed size issue with panels when existing panel edit mode (#22912) * Azure: Fixed dropdowns not showing current value (#22914) * BackendSrv: only add content-type on POST, PUT requests (#22910) * Check if the datasource is of type loki using meta.id instead of name. (#22877) * CircleCI: Pin grabpl to 0.1.0 (#22904) * Design tweaks (#22886) * Rich history UX fixes (#22783) * AzureMonitor: support workspaces function for template variables (#22882) * SQLStore: Add migration for adding index on annotation.alert_id (#22876) * Plugins: Return jsondetails as an json object instead of raw json on datasource healthchecks. (#22859) * Backend plugins: Exclude plugin metrics in Grafana's metrics endpoint (#22857) * Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node (#22856) * Stackdriver: Fix GCE auth bug when creating new data source (#22836) * @grafana/runtime: Add cancellation of queries to DataSourceWithBackend (#22818) * Rich history: Test coverage (#22852) * Datasource config was not mapped for datasource healthcheck (#22848) * upgrades plugin sdk to 0.30.0 (#22846) * Rich History: UX adjustments and fixes (#22729) * TablePanel: Enable new units picker (#22833) * Fix dashboard picker's props (#22815) * Grafana-UI: Add invalid state to Forms.Textarea (#22775) * SaveDashboard: Updated modal design/layout a bit (#22810) * Forms: Fix input suffix position (#22780) * AngularPanels: Fixed inner height calculation (#22796) * Fix: fixes issue with headers property with different casing (#22778) * DataSourceWithBackend: use /health endpoint for test (#22789) * Chore: remove expressions flag and allow (#22764) * Core: Pass the rest of to props to Select (#22776) * Add support for sending health check to datasource plugins. (#22771) * Datasource: making sure we are having the same data field order when using mixed data sources. (#22718) * DashboardSave: Autofocus save dashboard form input (#22748) * @grafana/e2e: cherry picked 4fecf5a7a65f5b7b4c03fefb9a3da15cee938f02 (#22739) * CircleCI: Implement new release pipeline (#22625) * Toolkit: use fs-extra instead of fs (#22723) * What's new docs for 6.7 release (#22721) * Backend Plugins: use sdk v0.26.0 (#22725) * PanelInspector: Add Stats Tab (#22683) * Revert "Graph: Improve point rendering performance (#22610)" (#22716) * Docs: add rendering configuration in reporting (#22715) * reverting the changes that failed the e2e tests. (#22714) * Remove multiple occurrences of "before" (#22710) * Datasources: Update dashboards (#22476) * API: Fix redirect issues (#22285) * Explore: adds QueryRowErrors component, moves error display to QueryRow (#22438) * RichHistory: Design Tweaks (#22703) * Modals: Unify angular/react modals backdrop color (#22708) * Graphite: Don't issue empty "select metric" queries (#22699) * support duplicate field names in arrow format (#22705) * UX: Update new form styles to dark inputs (#22701) * Docs: Grammar corrections * Docs: Overcoming Grammatical errors (#22707) * Pass dashboard via angular directive (#22696) * Docs: Replace "API" by "Integration" key for PagerDuty (#22639) * Docs: Edited Enterprise docs (#22602) * CloudWatch: Expand alias variables when query yields no result (#22695) * Dependency: sdk's dataframe package renamed to data (#22700) * @grafana/e2e: include Cypress tsconfig in published package (#22698) * Graphite: Update config editor (#22553) * @grafana/e2e: fix runtime ts-loader errors with Cypress support files (#22688) * Docs: Add version note about Azure AD OAuth2 (#22692) * StatPanel: Return base color when there is no value set (#22690) * Send jsondata for Datasources on DatasourceConfig for backend plugins (#22681) * Explore: Rich History (#22570) * XSS: Fixed history XSS issue (#22680) * Fix caching problem (#22473) * on update for checkbox and switch (#22656) * Notification Channel: Make test button wider (#22653) * Backend plugins: Updates due to changes in SDK (#22649) * Make sure commit hook in FieldPropertiesEditor is invalidated when value changes (#22673) * Docs: Plugin.json: Fix property descriptions, add missing properties, add example (#22281) * Alerting: Fixed bad background color for default notifications in alert tab (#22660) * Webpack: Updated terser plugin (#22669) * Core: DashboardPicker improvements (#22619) * Storybook: Forms.Form docs (#22654) * Templating: Migrates some variable types from Angular to React/Redux (#22434) * Grafana UI: Fix Forms.Select onChangeWithEmpty (#22647) * Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo (#21879) * @grafana/e2e: install necessary dependencies for published package (#22657) * DashboardSave: Correctly overwrite dashboard when saving (#22650) * StatPanel: Fixes base color is being used for null values (#22646) * FieldOverrides: Add value mappings editor to standard config properties registry (#22648) * Docs: Update gauge.md (#22637) * Docs: Create Intro grafana (#22522) * Toolkit: wrap plugin signing stub with error checking (#22626) * @grafana/e2e: fix empty bundle files (#22607) * Toolkit: include a github release utility (#22520) * Rendering: Have phantomjs wait a bit before rendering to give fonts a change to load (#22623) * Cascader: Do not override default width behavior (#22620) * Update documentation-style-guide.md (#22581) * Adds signed in user to backend v2 plugins requests (#22584) * CloudWatch: updated namespaces - Athena, DocDB, and Route53Resolver (#22604) * Graph: Improve point rendering performance (#22610) * Alerting: Fix state age test failures (#22606) * Docs: Update image_rendering.md (#22586) * UI: Segment improvements (#22601) * remove section about alias imports (#22585) * Backend Plugins: Support handling of streaming resource response (#22580) * Stackdriver: Migrate GCE default project (#22593) * Toolkit: plugin ci needs to cooperate better with make/mage (#22588) * surround CloudWatch dimension names with double quotes (#22222) * Fix: when reloading page make sure that time picker history is converted to dateTime. * Core: add active users stat (#22563) * Chore: Modules tidy and vendor (#22578) * Loki: use series API for stream facetting (#21332) * Testing code owners for backend code (#22572) * Azure Monitor: config editor updates, update sameas switch, fix test snaps (#22554) * Grafana-UI: Use value for Radio group id (#22568) * Chore: fix moment import in alerting tests (#22567) * avoid aliased import in cli (#22566) * Chore: Avoid aliasing importing models in api package (#22492) * ShareModal: able to extend tabs (#22537) * Tests: fix alerting reducers tests (#22560) * Logs: Improve log level guess (#22094) * DataSourceWithBackend: apply template variables (#22558) * @grafana/e2e: added support for plugin repositories (#22546) * Add fallback to search_base_dns if group_search_base_dns is undefined. (#21263) * Docs: Added a Markdown Style Guide (#22425) * Old AsyncSelect: Add story (#22536) * Chore: add missing aria-label for rendered panel image (e2e tests) (#22543) * Form migrations: Dashboard- and TimeZonePicker (#22459) * Migration: Share dashboard/panel modal (#22436) * Revert "Select: scroll into view when navigate with up/down arrows (#22503)" (#22535) * Backend plugins: Prepare and clean request headers before resource calls (#22321) * Cascader: Add size for input (#22517) * ArrowDataFrame: allow empty results (#22524) * Migration: Save dashboard modals (#22395) * Toolkit: don't clean dist folder before build (#22521) * Docs: Add Storybook guidelines (#22465) * Docs: Removed menu links to SDK Reference until we are ready for 7.0 (#22509) * Stackdriver: Project selector (#22447) * Select: scroll into view when navigate with up/down arrows (#22503) * Elastic: To get fields, start with today's index and go backwards (#22318) * API: Include IP address when logging request error (#21596) * chore: avoid aliasing imports in services (#22499) * Grafana-UI: add storysource addon to Storybook (#22490) * canary 404 previous versions (#22495) * Fix Dockerfile lint errors (#22496) * Migration: Invite Signup (#22437) * Core: add hideFromMenu for child items (#22494) * Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) * CI: Deploy enterprise image (#22488) * changelog: adds note about breaking change (#22480) * chore: avoid alias for models in plugins (#22483) * chore: avoid aliasing models in middleware (#22484) * Grafana UI: Add missing argument (#22487) * NewPanelEditor: Angular panel options, and angular component state to redux major change (#22448) * @grafana/ui: Create slider component (#22275) * Icons: add reports icon (#22445) * Panel inspect: Horizontal scrolling in Data table (#22245) * Alerting: Fixed the issue/bug of diff and percent_diff functions *Breaking change* (#21338) * App Plugins: support react pages in nav (#22428) * Optimized package.json files (#22475) * Toolkit: add junit reporting and jest.config.js to plugin build (#22450) * Grafana UI: Add forwardRef (#22466) * Docs: Update Getting started (#22422) * pkg/api/pluginproxy: Access token provider should handle access tokens without ExpiresOn field (#19928) * Documentation: Specify usage of datasource whitelist (#22412) * Form: Allow default values updates (#22435) * NewPanelEditor: Wait a bit before resending query result on panel editor exit (#22421) * Grafana-UI: update date picker (#22414) * grafana-cli: Upgrade to urfave/cli v2 (#22402) * Docs: adding first version of the auto-generated packages API docs. (#22107) * NewPanelEditor: Panel edit tweaks (#22415) * Core: Make application title customizable for WL (#22401) * Fix: making select to return empty list when no values are selected in multivalue mode. * Fix: Added missing "remove"-icon for light theme. * Docs: adding API reference documentation support for the packages libraries. (#21931) * Accessibility: Makes tag colors more accessible (#22398) * Admin: fix images on license page (#22413) * DataSourceWithBackend: Add a get/post resource standard path (#22408) * Docs: Fix examples, grammar, add links (#22406) * Docs: Add links, fix grammar, formatting, wording (#22381) * Changelog: adds missing enterprise features (#22399) * Docs: Add info on active LDAP sync (#22347) * Docs: Fixed formatting issue in new stat docs (#22390) * @grafana/toolkit: completed support for source maps in plugin builds (#22379) * UX: BackButton left arrow icon (#22369) * Scrollbar: Show scrollbar on only on hover (#22386) * NewPanelEditor: Fixed cleanup that could cause crash (#22384) * Theme: Fixed bug in sass file (#22382) * Alerting: Don't include image_url field with Slack message if empty (#22372) * Docs: New doc pages for panels Stat, Gauge & Bar Gauge (#22335) * Docs: Update front-end style guide (#22197) * Chore: Update latest.json (#22345) * CircleCI: Fix publishing of releases (#22342) * Changelog: v6.6.2 (#22341) * CircleCI: Switch to new master build pipeline (#22158) * Docs: Update white-labeling.md (#22224) * Webpack: Upgrade terser webpack plugin (#22332) * grafana/ui: Export TextArea under Forms namespace (#22328) * Suggesting couple of changes to the document (#22298) * Correcting Line 22 (#22292) * Docs: Fix "enable" steps formatting (#22324) * [Docs] Improvised instructions for adding data source. (#22305) * DashLinks: Add pull right to dropdown menu (#22233) * Migration: User invite (#22263) * Select: Fix focus issue and remove select container (#22309) * Annotations: Call panel refresh when table transform changes to annotations (#22323) * Docs: Couple of changes to the document (#22291) * Docs: Typo correction in Line 19 (#22297) * Rendering: Store render key in remote cache (#22031) * Backend Plugins: Provide proper plugin config to plugins (#21985) * New panel edit: data links tweaks (#22304) * Metrics: Add gauge for requests currently in flight (#22168) * OAuth: Enforce auto_assign_org_id setting when role mapping enabled using Generic OAuth (#22268) * CircleCI: Upgrade Ubuntu base image to 19.10 also for enterprise (#22315) * CI: check ubuntu and alpine images with trivy (#22314) * Docker: Upgrade Ubuntu to 19.10 (#22306) * grafana/data: runtime dependencies moved from devDependencies (#22283) * PanelInspector: Fixed issue in panel inspector (#22302) * grafana/ui: Add basic horizontal and vertical layout components (#22303) * Field Config Editors: Remove namespacing from standard field config editors (#22296) * CircleCI: Increase nodejs max memory (#22295) * Update rpm.md (#22284) * FieldConfigs: String select type & cell display mode added to table panel (#22274) * LinkSrv: Add newlines so I can read code * Docs: Fix TestData docs (#22279) * API: Improve recovery middleware when response already been written (#22256) * Update mac.md (#22280) * @grafana/toolkit: lint fix option now writes changes to disk (#22278) * Docs: minor fixes (#22223) * Reorder cipher suites for better security (#22101) * Docs: Minor typo fix (#22221) * NewPanelEdit: Add back datalinks and new table panel fix (#22267) * Prometheus: Implement region annotation (#22225) * Table: Fixed header alignment (#22236) * Data proxy: Log proxy errors using Grafana logger (#22174) * TimePicker: fixing weird behavior with calendar when switching between months/years (#22253) * Update timeseries.md (#20795) * Auth: Don't rotate auth token when requests are cancelled by client (#22106) * Elastic: Map level field based on config. (#22182) * Sqlstore: guard against getting a dashboard without specifying identi??? (#22246) * Migrations: Signup page (#21514) * Storybook: Add color theme and theme switcher (#22005) * NewPanelEditor: Making angular panels reuse data and render on edit mode enter (#22229) * PanelEdit: Title tweaks (#22237) * NewPanelEdit: Minor changes (#22239) * Chore: Fixed strict null errors (#22238) * NewPanelEditor: Thresholds v2 (#22232) * Toolkit: support sass style for plugins (#22235) * add CloudWatch Usage Metrics (#22179) * FieldOverrides: Fix issue with same series name for every display value (#22234) * Inspector: find the datasource from the refId, not the metadata (#22231) * New panel editor: Persist panel editor ui state (#22210) * Toolkit: don't create declaration files for plugins (by default) (#22228) * Docs: Update windows.md (#22185) * Docs: Add linking topic (#21986) * Docs: Refactored Enterprise side menu (#22189) * CircleCI: Push master Docker images without revision in tag (#22218) * Alerting: Update the types of recipient supported by the Slack notifier (#22205) * docs: change URL occurences to uppercase (#22151) * Docs: Fix link for provisioning data sources (#22159) * DevEnv: update frontend dependencies - tests (#22140) * DevEnv: update frontend dependencies - type definitions (#22141) * Make Explore panel link work when grafana served from sub url (#22202) * DevEnv: update frontend dependencies - node (#22139) * API: Fix redirect issue when configured to use a subpath (#21652) * Inspect: Inspect header design update (#22120) * FieldOverrides: FieldOverrides UI (#22187) * Azure OAuth: enable teamsync (#22160) * Docs: Organize basic concepts and getting started (#21859) * FieldOverides: apply field overrides based on configuration (#22047) * Docs: Suggesting few changes to the doc (#22115) * Docs: Update phrasing line 35 (#22152) * Docs: Correcting Typo in Line131 (#22155) * Dashboard: fixed padding inconsistency * BackendSrv: Fixes a stupid mistake with a missing return (#22177) * PanelEdit: Fixed timing and state related issues (#22131) * Elastic: Replace range as number not string (#22173) * change sync target branch to master (#21930) * e2e: Fixed issue with aria label (#22166) * Fix: Do not remove whitespace in PanelLink url (#22087) * React Migration: Migrates FolderPicker from angular to react (#21088) * Auth: Azure AD OAuth (#20030) * DevEnv: update frontend dependencies - grunt (#22136) * Bugfix: updates cloudwatch query editor test async render to prevent it from throwing error (#22150) * NewPanelEdit: Design tweaks (#22156) * TestData: Update streaming.json (#22132) * DevEnv: update frontend dependencies - babel (#22135) * Docs: Fix port config list formatting (#22113) * Explore: Refactor active buttons css (#22124) * Forms/Switch: Simplifies and adjusts CSS/Markup (#22129) * Datasource/Loki: Fixes issue where live tailing displayed date as invalid (#22128) * NewPanelEditor: Fixed issue going back to dashboard after pull page reload (#22121) * Loki, Prometheus: Fix PromQL and LogQL syntax highlighting (#21944) * NewPanelEdit: Added visualization tab / selection view (#22117) * Increase ts fork check mem limit (#22118) * NewPanelEditor: Panel editor tabs in state (url) (#22102) * Delete report.20200209.125304.14262.0.001.json * Annotation & Alerts: Makes various annotation and alert requests cancelable (#22055) * Select zindex (#22109) * Docs: Add doc templates (#21927) * Fix mentioning Slack users/groups (#21734) * Docs: Update rules.md (#21989) * Docs: Update metrics.md (#21988) * Docs: Update dashboard.md (#21951) * Docs: Added release notes tag (#22012) * Forms/RadioButtonGroup: Improves semantics and simplifies CSS (#22093) * Docs: add LDAP active sync limitation for single bind configuration (#22098) * Docs: Update behind_proxy.md to include HTTPS and URL rewrite example (#21832) * DataLinks: Avoid null exception in new edit mode (#22100) * Docs: Image rendering improvements (#22084) * Fix display of multiline logs in log panel and explore (#22057) * Fix/add width to toggle button group (#21924) * NewPanelEditor: Introduce redux state and reducer (#22070) * Prometheus: make $__range more precise (#21722) * New panel edit: data links edit (#22077) * Docs: fix minor typos in datasources.md (#22092) * Toolkit: add a warning about tslint migration (#22089) * Read `target` prop from the links in the footer (#22074) * CircleCI: Publish enterprise Docker dev image for new master pipeline (#22091) * CircleCI: Include build ID in version for new master pipeline (#22013) * Alerting: Handle NaN in reducers (#22053) * Toolkit: create manifest files for plugins (#22056) * Backend Plugins: make transform work again (#22078) * Docs: Fix broken link (#22010) * Docs: Fix formatting typo (#22067) * CircleCI: Publish enterprise ARM variants from master pipeline (#22011) * Chore: Adds cancellation to backendSrv request function (#22066) * Dashboard: Move some plugin & panel state to redux (#22052) * Docs: Clarify that extraction of zip is required to install plugin (#22061) * Chore: Fixes non utc tests (#22063) * Grafana ui/time of day picker ui improvements (#21950) * Links: Assure base url when single stat, panel and data links are built (#21956) * BackendSrv: Returns correct error when a request is cancelled (#21992) * Make zoom and time shift work after emmitter change (#22051) * New Editor: refresh when time values change (#22049) * New Editor: Add ValuePicker for overrides selection (#22048) * Collapse: add a controlled collapse (#22046) * Cascader: Fix issue where the dropdown wouldn't show (#22045) * New Editor: add display modes to fix ratio with actual display (#22032) * Chore: Use forwardRef in ButtonSelect (#22042) * DashNavTimeControls: remove $injector and rootScope from time picker (#22041) * New panel edit: field overrides ui (#22036) * Select: Portaling for Select (#22040) * New Select: Fix the overflow issue and menu positioning (#22039) * Upgrade: React layout grid upgrade (#22038) * PanelChrome: Use react Panel Header for angular panels. (#21265) * New Editor: add a tabs row for the query section (#22037) * New Editor: use unit picker (#22033) * Dashboard: Refactor dashboard reducer & actions (#22021) * New panel editor: Add title editor (#22030) * UnitPicker: Use the new Cascader implementation (#22029) * FieldEditor: extendable FieldConfig UI (#21882) * Cascader: Add enable custom value (#21812) * New panel edit: support scrolling (#22026) * Thresholds: get theme from context automatically (#22025) * New Panel Edit: works for panels with and without queries (#22024) * PanelEditor: use splitpane for new editor (#22022) * Select: Fixed allow custom value in Select/UnitPicker/Segment/AsyncSegment (#22018) * Chore: export arrow dataframe utilities (#22016) * TSLint ??? ESLint (#21006) * Docker: Publish enterprise image with master-commit tag (#22008) * Chore: Resolve random failure with golangci-lint (#21970) * New panel edit: don't query when entering edit mode (#21921) * Fix bad grammar in Dashboard Link page (#21984) * Update documentation-style-guide.md (#21736) * Prometheus: Allow sub-second step in the prometheus datasource (#21861) * Update latest.json versions to 6.6.1 (#21972) * Change log for 6.6.1 (#21969) * Datasource: updates PromExploreQueryEditor to prevent it from throwing error on edit (#21605) * Explore: Adds Loki explore query editor (#21497) * @grafana/ui: Fix displaying of bars in React Graph (#21968) * Prometheus: Do not show rate hint when increase function is applied (#21955) * Elastic: Limit the number of datapoints for the counts query (#21937) * Storybook: Update categories (#21898) * Quota: Makes sure we provide the request context to the quota service (#21949) * Docs: Documentation for 6.6 Explore and Logs panel features (#21754) * Annotations: Change indices and rewrites annotation find query to improve database query performance (#21915) * Prometheus: Fixes default step value for annotation query (#21934) * Dashboard edit: Fix 404 when making dashboard editable * Publish from new master pipeline (#21813) * Metrics: Adds back missing summary quantiles (#21858) * delete redundant alias (#21907) * grafana/ui: Fix displaying of bars in React Graph (#21922) * Docs: Added developer-resources.md (#21806) * Fix formatting (#21894) * New Select: Blur input on select (#21876) * Fix/add default props to prom query editor (#21908) * Graph Panel: Fixed typo in thresholds form (#21903) * Disable logging in button (#21900) * DatasourceEditor: Add UI to edit custom HTTP headers (#17846) * Datasource: Show access (Browser/Server) select on the Prometheus datasource (#21833) * Docs: Update dashboard.md (#21896) * Docs: Update dashboard.md (#21200) * Docs: Make upgrading instructions for Docker work (#21836) * deps so can mock in tests (#21827) * Templating: Add new global built-in variables (#21790) * Fix: Reimplement HideFromTabs in Tabs component (#21863) * grafana/data: Remove unused PanelSize interface (#21877) * New Select: Extend creatable select api (#21869) * Backend plugins: Implement support for resources (#21805) * Docker: change plugin path in custom docker (#21837) * Image Rendering: Fix render of graph panel legend aligned to the right using Grafana image renderer plugin/service (#21854) * Docs: Update _index.md (#21700) * grafana/toolkit: Fix failing linter when there were lint issues (#21849) * DatasourceSettings: Fixed issue navigating away from data source settings page (#21841) * AppPageCtrl: Fix digest issue with app page initialisation (#21847) * Explore: adds basic tests to TableContainer checking the render and output on 0 series returned * Explore: adds MetaInfoText tests * Explore: adds export of MetaItem and its props * Explore: updates TableContainer to use MetaInfoText component * Explore: updates Logs component to use MetaInfoText component * Explore: adds MetaInfoText component * Explore: removes unnecessary styles for panel logs * Explore: updates Table container render to avoid rendering table on empty result * Explore: updates explore table container to show a span on 0 series returned * docs/cli: Fix documentation of reset-admin-password with --homepath (#21840) * Replace ts-loader with Babel (#21587) * Docs: Add information about license expiration (#21578) * Fix digest issue with query part editor's actions menu (#21834) * Graphite: Fixed issue with functions with multiple required params and no defaults caused params that could not be edited (groupByNodes groupByTags) (#21814) * TimePicker: Should display in kiosk mode (#21816) * Chore: Upgrade Storybook to 5.3.9 (#21550) * Table: Make the height of the table include header cells (#21824) * StatPanels: Fixed migration from old singlestat and default min & max being copied even when gauge was disbled (#21820) * Docs: Update docker image run and configuration instructions (#21705) * DataFrame: update golden test files (#21808) * Docs: Alphabetize datasource names in sidebar under docs/Features/DataSources (#21740) * Inspect: Add error tab (#21565) * Select: Fix direct usages of react-select to make the scroll great again (#21822) * TablePanel: display multi-line text (#20210) * Fixed strict errors (#21823) * Fix: prevents the BarGauge from exploding when the datasource returns empty result. (#21791) * Select: Fix scroll issue (#21795) * Fix: Fixes user logout for datasourceRequests with 401 from datasource (#21800) * Azure Monitor: Fix Application Insights API key field to allow input (#21738) * Influxdb: Fix cascader when doing log query in explore (#21787) * Devenv: OpenTSDB dashboard (#21797) * MSI: License for Enterprise (#21794) * OpenTSDB: Add back missing ngInject (#21796) * Heatmap: Legend color range is incorrect when using custom min/max (#21748) * Config: add meta feature toggle (#21786) * Logs panel: Rename labels to unique labels (#21783) * Add link guide for installing new renderer (#21702) * Chore: Lowers strict error limit (#21781) * Chore: Removes Cypress record (#21782) * Docs: Document configuration of console, file and syslog log formats (#21768) * Annotations: Fixes this.templateSrv.replace is not a function error for Grafana datasource (#21778) * Fix typos in the communication documentation (#21774) * Chore: Fixes various strict null errors (#21763) * Forms: Allow custom value creation in async select (#21759) * Chore: bump react-select to 3.0.8 (#21638) * grafana/data: Add type for secure json in DataSourceAPI (#21772) * Influxdb: Fix issues with request creation and parsing (#21743) * Explore/Loki: Fix handling of legacy log row context request (#21767) * 6.6.0 latest (#21762) * Docs: Updates Changelog for 6.6.0 (#21753) * Docs: Update image rendering (#21650) * Docs: misc. nitpicks to the HTTP API docs (#21758) * Dashboard: fixes issue with UI not being re-rendered after moving dashboard * Dashboard: fixed issues with re-rendering of UI when importing dashboard (#21723) * Build: Added devenv docker block for testing grafana with traefik. * Update What's new in 6.6 (#21745) * Footer: Display Grafana edition (#21717) * BackendSrv: Fixes POST body for form data (#21714) * Docs: Update CloudWatch and Stackdriver docs for 6.6 (#21679) * BackendSrv: Adds missing props back to response object in datasourceRequest (#21727) * Explore: Fix context view in logs, where some rows may have been filtered out. (#21729) * Toolkit: add canvas-mock to test setup (#21739) * TablePabel: Sanitize column link (#21735) * Docs: Fix getting started links on Windows installation page (#21724) * Docs: Enterprise 6.6 (#21666) * Template vars: Add error message for failed query var (#21731) * Loki: Refactor editor and syntax hooks (#21687) * Devenv: Fixed devenv dashboard template var datasource (#21715) * Footer: added back missing footer to login page (#21720) * Admin: Viewer should not see link to teams in side menu (#21716) * Annotations: Fix issue with annotation queries editors (#21712) * grafana/ui: Remove path import from grafana-data (#21707) * Loki: Fix Loki with repeated panels and interpolation for Explore (#21685) * CircleCI: Add workflow for building with Grafana Build Pipeline (#21449) * StatPanels: Fixed possible migration issue (#21681) * Make importDataSourcePlugin cancelable (#21430) * Docs: Update what's new in 6.6 (#21699) * Docs: Fix broken link in upgrade notes (#21698) * Alerting: Support passing tags to Pagerduty and allow notification on specific event categories (#21335) * PhantomJS: Fix rendering of panels using Prometheus datasource * backendSrv: Only stringifies request body if payload isn't already a string (#21639) * Update changelog generation to ignore not merged pull requests (#21641) * StatPanel: minor height tweak (#21663) * Circle: Introduce es-check to branches & pr workflow (#21677) * Run query when region, namespace and metric changes (#21633) * Explore: Fixes some LogDetailsRow markup (#21671) * SQLStore: Fix PostgreSQL failure to create organisation for first time (#21648) * Migrations: migrate admin user create page (#21506) * Docs: Whats new updates (#21664) * CloudWatch: Auto period snap to next higher period (#21659) * Login: Better auto sizing of login logo (#21645) * Chore: Fixes PhantomJs by adding polyfills for fetch and AbortController (#21655) * Alert: Minor tweak to work with license warnings (#21654) * Toolkit: copyIfNonExistent order swapped (#21653) * Doc: Update configuration.md (#21602) * Explore: Fix log level color and add tests (#21646) * Templating: A way to support object syntax for global vars (#21634) * CloudWatch: Add DynamoDB Accelerator (DAX) metrics & dimensions (#21644) * next version 6.7.0 (#21617) * latest.jso: Update latest beta 6.6.0-beta1 (#21623) * Docs: Update changelog with attribution (#21637) * Docs: Updated what's new article (#21624) * Plugins: Apply adhoc filter in Elasticsearch logs query (#21346) * Changelog: v6.6.0-beta1 (#21619) * Chore: Remove angular dependency from backendSrv (#20999) * Emotion: Add main package with version 10 (#21560) * TestData: allow negative values for random_walk parameters (#21627) * Update musl checksums (#21621) * CloudWatch: Expand dimension value in alias correctly (#21626) * Devenv: InfluxDB logs dashboard (#21620) * Build: adds missing filters required to build oss msi (#21618) * BigValue: Updated test dashboard and made some chart sizing tweaks (#21616) * TestData: Adds important new features to the random walk scenario (#21613) * graphite: does not modify last segment when... (#21588) * grafana/ui: Add synced timepickers styling to TimePicker (#21598) * Explore: Remove destructuring of empty state in LogRowMessage (#21579) * Build: enables deployment of enterprise msi (#21607) * CI: MSI for Enterprise (#21569) * E2E docs: Add guide to debuging PhantomJS (#21606) * Toolkit: fix prettier error reporting (#21599) * Render: Use https as protocol when rendering if HTTP2 enabled (#21600) * Typescript: null check fixes, and news panel fix (#21595) * Inspect: table take full height in drawer (#21580) * OAuth: Fix role mapping from id token (#20300) * ButtonCascader: Fix error in Explore (#21585) * CloudWatch: Fix ordering of map to resolve flaky test take 2 (#21577) * Redux: Fixed function adding a new reducer (#21575) * Minor style changes on upgrade page (#21566) * Revert "Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554)" (#21570) * Explore: Context tooltip to copy labels and values from graph (#21405) * Config: Use license info instead of build info for feature toggling (#21558) * Fix merge problem (#21574) * CloudWatch: Fix ordering of map to resolve flaky test (#21572) * Docs: What's new in Grafana v6.6 Draft (#21562) * Explore: Create unique ids and deduplicate Loki logs (#21493) * Chore: Fix go vet problem (#21568) * Provisioning: Start provision dashboards after Grafana server have started (#21564) * CloudWatch: Calculate period based on time range (#21471) * Inspect: Download DataFrame to Csv (#21549) * CloudWatch: Multi-valued template variable dimension alias fix (#21541) * Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554) * Stackdriver: Support meta labels (#21373) * CI: Revert msi build (#21561) * Alerting: Fix image rendering and uploading timeout preventing to send alert notifications (#21536) * CI: adds missing files for ee msi (#21559) * CI: Enterprise MSI (#21518) * Add component: Cascader (#21410) * CloudWatch: Display partial result in graph when max DP/call limit is reached (#21533) * Dashboards: Default Home Dashboard Update (#21534) * Docs: Update rpm.md (#21547) * Docs: Update mac.md (#20782) * Templating: update variables on location changed (#21480) * Vendor: grafana-plugin-sdk-go v0.11.0 (#21552) * fix dateMath import in grafana-ui (#21546) * Explore/Loki: Filter expression only treated as regex when regex operator is used (#21538) * Fix TypeScript error (#21545) * Build: Ignore content of /pkg/extensions, not directory (#21540) * Update latest to 6.5.3 (#21509) * Explore: Ensures queries aren't updated when returning to dashboard if browser back is used (#20897) * Inspect: Use AutoSizer for managing width for content in tabs. (#21511) * Changelog generation: Generate grafana/ui changelog (#21531) * Toolkit: support less loader (#21527) * AppPlugin: remove simple app from the core repo (#21526) * @grafana/toolkit: cleanup (#21441) * DataFrames: add arrow test and capture metadata parsing errors (#21524) * DataLinks: allow using values from other fields in the same row (#21478) * grafana/data: Update plugin config page typings (BREAKING) (#21503) * Fix regex in convertCSSToStyle, add test coverage (#21508) * CloudWatch: Annotation Editor rewrite (#20765) * Admin: Add promotional page for Grafana Enterprise (#21422) * Add changelog for 6.5.3 * Backend Plugins: Collect and expose metrics and plugin process health check (#21481) * Auth: Rotate auth tokens at the end of requests (#21347) * Tabs: Hide Tabs on Page header on small screens (#21489) * Fix importing plugin dashboards (#21501) * SideMenu: Fixes issue with logout link opened in new tab (#21488) * DataLinks: Make data links input grow again (#21499) * Templating: use default datasource when missing (#21495) * Explore: Fix timepicker when browsing back after switching datasource (#21454) * Add disabled option for cookie samesite attribute (#21472) * Chore: Adds basic alerting notification service tests (#21467) * ImportDashboardCommand: Validate JSON fields (#21350) * Docs: add test for website build (#21364) * Fix: when clicking a plot on a touch device we won't display the annotation menu (#21479) * Backend Plugins: add a common implementation (#21408) * Alerting: new min_interval_seconds options to enforce a minimum eval frequency (#21188) * Panel: Use Tabs in panel inspector (#21468) * Docs: Update rpm install (#21475) * Alerting: Enable setting of OpsGenie priority via a tag (#21298) * Alerting: fallbackText added to Google Chat notifier (#21464) * Plugins: Move backend plugin manager to service (#21474) * Backend Plugins: Refactor backend plugin registration and start (#21452) * Admin: New Admin User page (#20498) * Docs: Update cli.md (#21470) * Fix: Tab icons not showing (#21465) * Chore: Add react-table typings to Table (#21418) * Login: Refactoring how login background is rendered (#21446) * StatPanel: Refactoring & fixes (#21437) * Chore: Migrates reducers and actions to Redux Toolkit (#21287) * DeleteButton: Button with icon only was not centered correctly. (#21432) * Logos: Refactoring a bit how logos are rendered (#21421) * Docs: Update documentation-style-guide.md (#21322) * More datasource funcs poc (#21047) * Docs: Update plugin installation and CLI (#21179) * Docs: Update debian.md (#21339) * Alerting: Adds support for sending a single email to all recipients in notification channel (#21091) * ThreemaNotifier: Use fully qualified status emoji (#21305) * Settings: Env override support for dynamic settings (#21439) * Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787) * Logs: Fix parsing for logfmt fields that have parens (#21407) * Improve documentation for the Prometheus data source (#21415) * Heatmap: fix formatting (#21433) * Docs: Fixed broken links of Datasource doc at Grafana plugin page (#21363) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * grafana/ui: Create Tabs component (#21328) * Inspector: support custom metadata display (#20854) * Table: Added text align option to column styles (#21175) * PluginPage: Add appSubUrl string to config pages url (#21414) * Docs: Remove comment about upcoming alerting for singlestat and table panels (#21416) * Footer: Single footer component for both react & angular pages (#21389) * API: Added alert state validation before changing its state (#21375) * AddDataSource: Added missing phantom plugin (#21406) * Plugins: Use grafana-plugin-sdk-go v0.5.0 (#21116) * UnitPicker: show custom units on load (#21397) * Cloud Watch: Standardize Config Editor Implementation (#20489) * CloudWatch: dimension_values templating fix (#21401) * Docs: explain how to setup the apt repo without helpers (#21194) * Build: prevent changes to pkg/extentions/main.go from throwing error on merge * TimeZones: fix utc test (#21393) * Build: package all binaries for enterprise (#21381) * Datasource: fixes prometheus datasource tests - adds align range * CircleCI: Testing upgrade to CircleCI 2.1 (#21374) * Storybook: Remove reference to jquery.flot.pie file from storybook config (#21378) * Cloudwatch: Fixed crash when switching from cloudwatch data source (#21376) * Docs: Added Squadcast notifications (#21372) * Chore: upgrade d3 (#21368) * Datasource: fix a bug where deleting data source will trigger save and test events (#21300) * Forms: revamped select (#21092) * Toolkit: add git log info to the plugin build report (#21344) * Docs: Use https scheme for Grafana playground links (#21360) * fix docs links (#21359) * AddDatasourcePage: Refactoring & more Phantom plugins (#21261) * Chore: Remove empty flot.pie file (#21356) * Docs: Fix link (#21358) * Docs: Fix InfluxDB templated dashboard link (#21343) * Rendering: Fix panel PNG rendering when using sub url & serve_from_sub_path = true (#21306) * NewsPanel: update default feed url (#21342) * docs: fix influxdb templated dashboard link (#21336) * Docs: Update Windows.md (#21333) * Arrow: don't export arrow... breaking phantomjs e2e test (#21331) * DataFrame: round trip metadata to arrow Table (#21277) * Prometheus: user metrics metadata to inform query hints (#21304) * Panel: disable edit/duplicate/delete entry for repeat panel (#21257) * Prometheus: Disable suggestions at beginning of value (#21302) * grafana/ui: Do not build in strict mode as grafana/ui depends on non-strict libs (#21319) * Docs: Update security.md (#20981) * @grafana/data: use timeZone parameter rather than isUtc (#21276) * Units: support dynamic count and currency units (#21279) * Docs: Added sudo and removed $ where inconsistent. (#21314) * ImgUploader: add support for non-amazon S3 (#20354) * Fix: tooltips value disappear when label has too long word (#21267) * Docs: Update provisioning.md (#21303) * Docs: Update alerting_notification_channels.md (#21245) * Loki: fix filter expression suggestions (#21290) * Prometheus: Fix label value suggestion (#21294) * Prometheus: Fix term completion that contain keywords (#21295) * Docs: Fixed broken links in Basic Concepts (#21035) * Docs: Edited Windows install instructions (#20780) * Docs: Update troubleshooting.md (#21244) * Fix internal links in http_api/dashboard.md (#21255) * Docs: Update README.md (#21274) * Docs: Fix aliases/redirects (#21241) * Docs: Document tracing.jaeger configuration (#21181) * Websockets: upgrade websocket libray to 1.4.1 (#21280) * FieldConfig: add thresholds and color modes (#21273) * Prometheus: improve tooltips (#21247) * Explore: Moves PromContext from query level to DataQueryRequest level (#21260) * BridgeSrv: do not strip base from `state.location.url` (#20161) * Graph: another tooltip fix (#21251) * Alerting: Add configurable severity support for PagerDuty notifier (#19425) * Graph: Fixed no value in graph tooltip (#21246) * Units: support farenheit (existing misspelling) (#21249) * Docs: fix typo (#21190) * Promtheus: Fix hint and error display for query rows (#21242) * Docs: fixed broken doc link for graph and table panels (#21238) * Docs: fix of broken doc link in the dashlist panel's help section (#21230) * Docs: Update the link to docs for singlestat (#21225) * Docks: Update provisioning.md with proper Slack settings (#21227) * Editor: Ignore closing brace when it was added by editor (#21172) * Explore: moves add query row button below query rows (#20522) * Explore: adds PrometheusExploreQueryEditor (#20195) * Simplify adjustInterval (#21226) * Sass: Checked in tmpl files * Table: Component progress & custom FieldConfig options (#21231) * Chore: remove StreamHandler and DataStreamState (#21234) * DashboardGrid: Fixed flickering while resizing (#21221) * docs: rename premium plugins to enterprise plugins (#21222) * NewsPanel: add news as a builtin panel (#21128) * grafana/toolkit: Readme update (#21218) * grafana/toolkit: Resolve modules correctly (#21216) * New bar gauge style: Unfilled (#21201) * Dashboard: new updated time picker (#20931) * Metrictank: fix bundled dashboard (#21209) * Tooltip: preventing xss injections via the colors variable. (#21203) * Livetailing: set table withd to 100% (#21213) * Docs: Fix broken link in debian.md (#21199) * Added back logo file (#21198) * Docs: fix ordering of apt setup (#21192) * Docs: Fix Azure ad generic OAuth code markdown formatting (#21189) * docs: rendering plugin required for reporting (#21162) * Chore: Fixes wrong e2e path in .gitignore (#21186) * e2e: Waits for login before moving forward (#21185) * PanelChrome: Mini refactor (#21171) * Tracing: Support configuring Jaeger client from environment (#21103) * @grafana/toolkit: webpack extend TS???JS (#21176) * [docs] Azure monitor link in templating (#21173) * grafana/toolkit: Add option to override webpack config (#20872) * Docs: Adds best practices after visit and a link back to e2e.md (#21117) * Changelog: Add PagerDuty breaking change (#21170) * DashboardGrid: Change grid margin to 8, to align to 8px grid (#21167) * Alerting: Add more information to webhook notifications (#20420) * Panel: Show inspect panel in Drawer instead of Modal (#21148) * Prometheus: Fix typehead after binary operators (#21152) * docs: always updates docker image before building docs site (#21165) * Table: Matches column names with unescaped regex characters (#21164) * DataLinks: Sanitize data/panel link URLs (#21140) * Dashboard: Only show resize-handle on hover (#21160) * PagerDuty: Fix custom_details to be a JSON object instead of a string (#21150) * grafana/ui: New table component (#20991) * e2e: Migrates query variable CRUD tests to new framework (#21146) * Chore: Upgrade react, react-dom, react-test-renderer versions (#21130) * Fix log row when query is short (#21126) * Prometheus: Display HELP and TYPE of metrics if available (#21124) * e2e: Updates truth image (#21132) * Cloudwatch ECS Container Insights Support (#21125) * FontSize: Change base font size to 14px (#21104) * Explore: Refactor log rows (#21066) * phantomjs: performance.getEntriesByType not supported (#21009) * New panel editor (behind feature toggle) (#21097) * e2e: Adds ScenarioContext and video recordings to e2e (#21110) * DashboardImport: Fixes broken import page in prod builds (#21101) * Dependencies: Bump npm from 6.9.0 to 6.13.4 (#21095) * Docs: Fix broken link in loki.md (#21098) * Dependencies: Upgrade grunt-contrib-compress to resolve issues with iltorb (#21096) * Update CODEOWNERS (#21093) * E2E: Testing recording e2e tests (#21094) * FieldConfig: set min/max automatically for gauge (#21073) * Postgres/MySQL/MSSQL: Adds support for region annotations (#20752) * Azure Monitor: Use default from datasource if not saved on dashboard/query (#20899) * Azure Monitor: Copy AM Creds to Log Analytics When Using Same As (#21032) * Docs: Add minimal hugo build, update docs README (#20905) * CI: Added junit test report (#21084) * UI: ConfirmButton component (#20993) * Angular/React: Migrates team creation form to react (#21058) * Templating: Fixes digest issues in Template Variable Editor (#21079) * OrgSwitcher: Fixed issue rendering org switcher even when it's not open (#21061) * Chore: Remove rejected files (#21072) * e2e: Uses should on first element after visit to prevent flakiness (#21077) * FieldConfig: support overrides model (#20986) * AngularPanels: fixed transparency issue (#21070) * Docs: Update configuration.md for #3349 (#21069) * OAuth: Removes send_client_credentials_via_post setting (#20044) * API: Validate redirect_to cookie has valid (Grafana) url (#21057) * Explore: Refactor log details table (#21044) * Prometheus: Prevents validation of inputs when clicking in them without changing the value (#21059) * Prometheus: Fixes so user can change HTTP Method in config (#21055) * MetricSegment: Fix metric segment UI crash in prod builds (#21053) * OpenTSDB: Adding lookup limit to OpenTSDB datasource settings (#20647) * Templating: Fixes default visibility for submenu to same as dashboard (#21050) * Create CODEOWNERS (#21045) * Elastic: Add data links in datasource config (#20186) * Alerting: Fix panic in dingding notifier (#20378) * Logs: Optional logs label column (#21025) * Chore: updated to latest stable version (#21033) * Docs: change log for release v6.5.2 (#21028) * Chore: Improve rendering logging (#21008) * Modules: Add patched goavro dependency for extensions (#21027) * Explore: Sync timepicker and logs after live-tailing stops (#20979) * Fix: Shows SubMenu when filtering directly from table (#21017) * Alerting: Fix template variable in query check (#20721) * Toolkit: remove unused plugin-ci report types (#21012) * MixedDatasources: Do not filter out all mixed data sources in add mixed query dropdown (#20990) * Docs: Change checkout to check out where necessary (#20926) * Promtheus: Improve tab completion (#20938) * build: adds IANA timezone info to windows build (#21001) * Loki: fix labels fetching when no initial range given (#21000) * Docs: Update datasource API examples (#20951) * UI: Segment fixes (#20947) * Stackdriver: Make service list searchable (#20989) * Remove un-used imports (#20937) * upgrade aws-sdk-go (#20957) * UI: ConfirmModal component (#20965) * Docs: Updates from puppeteer to Cypress (#20962) * e2e: Adds better log information during test runs (#20987) * Alert: If the permission is forbidden, keep the historical alarm data present. (#19007) * Graph: Add fill gradient option to series override line fill (#20941) * use https for fetch gravatar by default (#20964) * Prometheus: disable dynamic label lookup on big datasources (#20936) * Loki: Fix datasource config page test run (#20971) * Devenv: Fix loki block (#20967) * e2e: Replaces truth image (#20966) * Forms: introduce RadioButtonGroup (#20828) * Fix: Adds e2e as a package that needs to be built (#20961) * Make sure datasource variable is being used everywhere (#20917) * Refactor: Navigates directly to add data source page instead (#20959) * Alerting: Improve alert threshold handle dragging behavior (#20922) * DisplayProcessor: Interpret empty strings as NaN instead of 0 to support empty value map texts in Singlestat (#20952) * Prometheus: Refactor labels caching (#20898) * e2e: Uses Cypress instead of Puppeteer (#20753) * Renderer: Add user-agent to rendering plugin requests (#20956) * DataSource: remove delta option (#20949) * Elasticsearch: set default port to 9200 in ConfigEditor (#20948) * Loki: Remove appending of (?i) in Loki query editor if not added by user (#20908) * Datasource/Loki: Loki now goes to Logs mode when importing prom queries (#20890) * Cloudwatch: Defined explore query editor for cloudwatch (#20909) * Datasource/Loki: Empty metric name no longer replaced by query (#20924) * Revert "Modules: Add goavro dependency for extensions (#20920)" (#20928) * Docs: Update debian.md (#20910) * UI: Segment Input change (#20925) * Modules: Add goavro dependency for extensions (#20920) * UI: Segment Input (#20904) * Remove escaping of \ ( ) characters (#20915) * AngularPanels: Check for digest cycle on root scope (#20919) * InfluxDB: Use new datasource update option funcs (#20907) * Docs: Update debian-ubuntu installation instructions (#20875) * Search: Fixed angular digest issues (#20906) * Remove false positive error message for expression and id field (#20864) * fix notifications page (#20903) * Update documentation-style-guide.md (#20871) * Docs: update content to work with website repo (#20693) * Elastic: Fix multiselect variable interpolation for logs (#20894) * Singlestat: Fixed unit not showing and switched to new unit picker (#20892) * MetaAnalytics: Minor fix for meta analytics event (#20888) * Explore: Cleanup redundant state variables and unused actions (#20837) * Chore/Tech debt: Remove (most) instances of $q angular service use (#20668) * AngularPanels: Fixed loading spinner being stuck in some rare cases (#20878) * TeamPicker: Increase size limit from 10 to 100 (#20882) * Echo: mechanism for collecting custom events lazily (#20365) * StatPanel: change to beta * Azure Monitor: Standardize Config Editor Implementation (#20455) * GraphTooltip: added boundaries so we never render tooltip outside window. (#20874) * Graphite: Use data frames when procesing annotation query in graphite ds (#20857) * Elastic: Fix parsing for millisecond number timestamps (#20290) * Docs: Sync docs with website repo via GitHub Action (#20694) * Gauge/BarGauge: Added support for value mapping of "no data"-state to text/value (#20842) * UI: Use SelectableValue as Segment value (#20867) * Datasource/Loki: Fixes issue where time range wasn't being supplied with annotation query (#20829) * Server: Return 404 when non-pending invite is requested (#20863) * Explore: Fix reset reducer duplication (#20838) * CLI: Return error and aborts when plugin file extraction fails (#20849) * Datasource/Loki: Simplifies autocompletion (#20840) * Update README.md (#20820) * ValueFormats: dynamically create units (#20763) * @grafana/data: don't export ArrowDataFrame (#20855) * @grafana/data: export ArrowDataFrame (#20832) * Docs: Add section about derived fields for Loki (#20648) * Migration: Migrate org switcher to react (#19607) * Remove screencasts.md (#20845) * Update requirements.md (#20778) * Explore: Log message line wrapping options for logs (#20360) * AlertNotifier: Support alert tags in OpsGenie notifier (#20810) * Fix prettier (#20827) * Loki: Support for template variable queries (#20697) * Explore: Export timezone from redux state (#20812) * Forms: introduce checkbox (#20701) * OpenTsdb: Migrate Config Editor to React (#20808) * TablePanel, GraphPanel: Exclude hidden columns from CSV (#19925) * DataFrame: add utilities to @grafana/data that support apache arrow (#20813) * Panels: Fixed transparency option for angular panels (#20814) * CloudWatch: Upgrade aws-sdk-go (#20510) * Update documentation-style-guide.md (#20777) * Chore: Move Prometheus datasorce tests from specs folder and merge duplicated test files (#20755) * Profile: Remove sign-out tab from profile page (#20802) * Doc: Change inline comment on interface to doc comment (#20794) * Server: Fail when unable to create log directory (#20804) * Update stale.yml * Rename config.yaml to config.yml * GitHub: Add link to forum when adding new issue (#20798) * Datasource/Loki: Fixes regression where enhanceDataFrame was not called (#20660) * Updated changelog * Docs: Updated changelog * SQLStore: Test admins/editors/viewers stats validity (#20751) * Graph-Panel: Center option for bar charts (#19723) * Packages: Fixed rollup issue with grafana-ui (#20790) * Stalebot: update issue config (#20789) * Stalebot: Automatically label PRs with no activity after 14 days as stale, then after 30 days close (#20179) * StatPanel: ColorMode, GraphMode & JustifyMode changes (#20680) * Units: Remove SI prefix symbol from new milli/microSievert(/h) (#20650) * Graphite: Add metrictank dashboard to Graphite datasource (#20776) * Docs: Remove typo from mssql.md (#20748) * Navigation: Fix navigation when new password is chosen (#20747) * Cleanup: use the local variable (#20767) * Prometheus: Fix caching for default labels request (#20718) * Release: Updates latest.json and grafana/packages/*/package.json (#20734) * Release: Updates Changelog for 6.5.1 (#20723) * ReactMigration: Migrate Graphite config page to React (#20444) * SQLStore: Rewrite system statistics query to count users once (#20711) * Docs: Clean up influxdb.md (#20618) * CloudWatch: Region template query fix (#20661) * Units: remove unreachable code (#20684) * Tests: Skipping Template Variable tests for now (#20707) * Datasource/Loki: Fix issue where annotation queries weren't getting their variables interpolated (#20702) * Documentation: Add missing blank in docker run command (#20705) * Server: Defer wg.Done call to ensure it's called (#20700) * Fix: Fixes templateSrv is undefined for plugins that do not use @@ngInject (#20696) * Server: Clean up startup logic/error checking (#20679) * CloudWatch: Annotations query editor loading fix (#20687) * OAuth: Add missing setting from defaults.ini (#20691) * DataLinks: Refactor title state (#20256) * Forms: TextArea component (#20484) * Explore: Adjust the max-width of the tooltip (#20675) * Units: Add currency and energy units (#20428) * transform: update to use sdk with frame.labels moved to frame.[]field.labels (#20670) * dev: fix pre-commit typo in toolkit (#20673) * Docs: Update change user password payload in http api (#20666) * Chore: Sync defaults.ini with sample.ini (#20645) * Loki: Fix query error for step parameter (#20607) * Fix: Disable draggable panels on small devices (#20629) * Chore: Remove several instances of non-strict null usage (#20563) * StatPanel: Rename singlestat2 to stat (#20651) * Panels: Add support for panels with no padding (#20012) * CloudWatch: Docs updates after feedback (#20643) * Explore: Update docs with updated images (#20633) * Build: Update latest.json (#20638) * Forms: Introduce form field (#20632) * docs: update versions (#20635) * Changelog: 6.4.5 (#20625) * Changelog: 6.5.0 (#20620) * Docs: 6.5 update (#20617) * Chore: Improve grafana-server profiling and tracing (#20593) * grafana/toolkit: Update FAQ (#20592) * Forms: Introduce new Switch component (#20470) * E2E: Adds tests for QueryVariable CRUD (#20448) * Toolkit: Do not continue after compile error (#20590) * BarGauge/Gauge: Add back missing title option field display options (#20616) * VizRepeater/BarGauge: Use common font dimensions across repeated visualisations (#19983) * Update services.md (#20604) * Docs: CloudWatch docs fixes (#20609) * Changelog: Add v6.3.7 (#20602) * Cloudwatch: Docs improvements (#20100) * Fix: Wrong path when sending package build time (#20595) * CloudWatch: Fix high CPU load (#20579) * Explore: UI changes for split view and live tailing (#20516) * Explore: Keep logQL filters when selecting labels in log row details (#20570) * Instrumentation: Edition and license info to usage stats (#20589) * Metrics: Add metric for each package build time (#20566) * grafana/toolkit: Smaller output after successful upload (#20580) * Table: Use the configured field formatter if it exists (#20584) * TextPanel: Fixes issue with template variable value not properly html escaped (#20588) * Docs: Update Explore docs for 6.5 (time-sync button & log details) (#20390) * Explore: UI changes for derived fields (#20557) * Docker: Custom dockerfiles, docker and image rendering docs update (#20492) * Tooltip: Fix issue with tooltip throwing an error when retrieving values (#20565) * Changelog: Reference a few more issues that were fixed (#20562) * Enable theme context mocking in tests (#20519) * Chore: Remove angular dependency from prometheus datasource (#20536) * Build: Verify checksums when downloading PhantomJS (#20558) * DevEnv: updates nodejs from 10.x to 12.x and golang to 1.13 in ci-deploy dockerfile. (#20405) * Explore: updates responsive button to pass all the div element props * Explore: fixes explore responsive button ref * Explore: adds a ref to responsive button * Explore: updates responsive button to forward ref * Explore: UI fixes for log details (#20485) * Document required Go version in developer guide (#20546) * UserTableView: Show user name in table view (#18108) * CloudWatch: enable min_interval (#20260) * CI: fix release script remove filtering (#20552) * Update dashboards (#20486) * CI: Build all platforms for Enterprise (#20389) * Alerting: Propagate failures to delete dashboard alerts (#20507) * Cloudwatch: Fix LaunchTime attribute tag bug (#20237) * Fix: Prevents crash when searchFilter is non string (#20526) * docs: what's new fixes (#20535) * What's new in 6.5 - adding CloudWatch topics (#20497) * grafana/ui: Expose Icon component (#20524) * Backend plugins: Log wrapper args formatting fix (#20521) * Build: Clean up scripts/grunt/options/phantomjs.js (#20503) * MySql: Fix tls auth settings in config page (#20501) * Backend plugins: Log wrapper args formatting (#20514) * CloudWatch: Remove HighResolution toggle since it's not being used (#20440) * API: Optionally list expired keys (#20468) * Image-rendering: Cleanup of rendering code (#20496) * Build: Reports times and outcomes from CircleCI jobs (#20474) * Chore: Upgrade prettier for grafana-toolkit (#20476) * TimePicker: Fixed update issue after plugin uses getLocationSrv().update (#20466) * Docs: Add explore images to What's new in v6.5 (#20442) * Chore: Bumps prettier version for new typescript syntax support (#20463) * handle PartialData status (#20459) * CloudWatch: Make sure period variable is being interpreted correctly (#20447) * Forms: New Input component (#20159) * UsersPage: Removed icon in external button (#20441) * Build: Fix RPM verification (#20460) * Dashboard Migrator: persist thresholds param if already set (#20458) * Docs: Fix developer guide link (#20434) * Fix package signing (#20451) * Build: Fix signing (#20450) * transform: changes to support sdk v0.2.0 (#20426) * Reporting: Handle timeouts in rendering (#20415) * Build: Upgrade build-container Docker image version (#20443) * Upgrade build-container image (#20438) * Provisioning: Fix unmarshaling nested jsonData values (#20399) * Fail when server is unable to bind port (#20409) * Devenv: Fix integration of postgres and fake-data-gen containers (#20329) * Util: Modify SplitHostPortDefault not to return an error for empty input (#20351) * InfluxDB: convert config editor to react (#20282) * Packages: stable release tags update (#20417) * Chore/Go-dep: change sdk to use new tag (#20422) * Chore: Log actual error when oauth pass thru fails (#20419) * Grafana/Loki: Adds support for new Loki endpoints and metrics (#20158) * Chore: Fix error caused by typescript upgrade (#20408) * Chore: Upgrade typescript to 3.7 (#20375) * NavLinks: Make ordering in navigation configurable (#20382) * Fix flot overriding onselectstart/ondrag events (#20381) * Docs: Updates docs for redux framework (#20377) * chore: fix "testing" version is latest.json (#20398) * transform_plugin: stop plugin when grafana stops (#20397) * Chore: Update latest.json (#20393) * Docs: What's new in Grafana v6.5 Draft (#20368) * Update changelog for v6.5.0-beta1 (#20350) * Chore: Move and wrap Cascader component to @grafana/ui (#20246) * MySql: Fix password regression in MySQL datasource (#20376) * CloudWatch: Datasource improvements (#20268) * grafana/toolkit: remove aws-sdk and upload to grafana.com API endpoint (#20372) * LDAP: last org admin can login but wont be removed (#20326) * Devenv: Replace deprecated SQL Server docker image (#20352) * DataFrame processing: Require table rows to be array (#20357) * grafana/ui: Add Icon component (#20353) * Telegram: Check error before adding defer close of image (#20331) * ValueFormats: fix description for dateTimeAsUS (#20355) * Fix alert names in dev dashboard (#20306) * Docs: Getting started edits (#19915) * Bus: Remove unused wildcard handlers and clean up tests (#20327) * Explore: updates breakpoint used to collapse datasource picker * Elastic: Fix Elastic template variables interpolation when redirecting to Explore (#20314) * transform_plugin: pass encoded dataframes through (#20333) * Links: Updated links to grafana.com (#20320) * Avatar: Don't log failure to add existing item to cache (#19947) * Devenv: Enable tracing for loki docker block (#20309) * Build: adds make target run-frontend (#20227) * Devenv: fix kibana in elastic7 docker block (#20308) * Build: Fix Docker builds (#20312) * Devenv: Add nginx_proxy_mac/nginx_login_only.conf (#20310) * Build: Build Ubuntu based Docker images also for ARM (#20267) * Devenv: fix connection in elastic 5 and 6 blocks (#20304) * Prometheus: Adds hint support to dashboard and fixes prometheus link in query editor (#20275) * Explore: Fix always disabled QueryField for InfluxDB (#20299) * Docker blocks: Add loki blocks for loki releases (#20172) * Explore: Fix interpolation of error message (#20301) * PanelLinks: fixed issue with old panel links and grafana behind a subpath (#20298) * ColorPicker: Fixes issue with ColorPicker disappearing too quickly (#20289) * Configuration: Update root_url to reflect the default value (#20278) * Templating: Made default template variable query editor field a text area with dynamic automatic height (#20288) * Transformations: filter results by refId (#20261) * PanelData: Support showing data and errors in angular panels (#20286) * Fix: URL Encode Groupd IDs for external team sync (#20280) * Build: Collect frontend build time metric (#20254) * Datasource: fixes prometheus metrics query query field definition (#20273) * Update version (#20271) * Admin: Adds setting to disable creating initial admin user (#19505) * Tests: We should not click on default button when there is only one ds (#20266) * AuthProxy: additions to ttl config change (#20249) * Graphite: add metrictank meta in response (#20138) * Docker: Add dependencies to support oracle plugin in alpine (#20214) * ReactMigration: Migrate Prometheus config page to React (#20248) * Templating: highlight first item when searching a variable dropdown (#20264) * e2eTests: Adds cleanup of created datasource and dashboard (#20244) * Gauge Panel: fix the default value of thresholds cannot be modified (#20190) * AuthProxy: Can now login with auth proxy and get a login token (#20175) * DataFrame: move labels to field (#19926) * Add Dockerfiles for Ubuntu (#20196) * Graph: Fixed no graph in panel edit mode (#20247) * Explore: Configure explore series colours via field config (#20239) * LDAP: Fixing sync issues (#19446) * Docs: Added alias for old reporting page location (#20238) * ReactPanels: Adds Explore menu item (#20236) * Elasticsearch: Support rendering in logs panel (#20229) * Alerting: Add alert_state to the kafka message Fixes #11401 (#20099) * Graph: introduce Tooltip to React graph (#20046) * @grafana/runtime: Expose datasourceRequest in backendSrv * Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191) * DevEnv: updates prometheus random data golang image to 1.13.0 * Provisioning: fix for cannot save provisioned dashboard (#20218) * DisplayProcessor: improve time field support (#20223) * Docs: Adding how to use plugin version, through docker env variable (#19924) * Docs: Add docs abooout time range URL query params (#20215) * MixedQuery: refactor so other components could also batch queries (#20219) * SharedQuery: don't explode when missing logo (#20187) * LDAP: Interpolate env variable expressions in ldap.toml file (#20173) * Chore: Update latest.json (#20216) * build: Ignore Azure test snapshot for msi build (long file name) (#20217) * Explore: fixes toolbars datasource selector and date picker responsiveness (#19718) * Logs Panel: Generate valid logQL for multi-select template variable (#20200) * Fix when only icon is present (#20208) * TablePanel: Prevents crash when data contains mixed data formats (#20202) * OAuth: Make the login button display name of custom OAuth provider (#20209) * Explore: Add custom DataLinks on datasource level for Loki (#20060) * QueryField: Prevent query runs on blur in Explore (#20180) * Azure Monitor: Datasource Config Type (#20183) * PluginLoader: export classes on @grafana/ui (#20188) * Changelog: 6.4.4 release (#20201) * CLI: Reduce memory usage for plugin installation (#19639) * DataLinks: fix syntax highlighting not being applied on first render (#20199) * SafeDynamicImport: Updates so that it does not act as an ErrorBoundary (#20170) * grafana/data: Make display processor work with time fields (#20174) * update triggers to use new deployment_tools location (#20194) * mysql: fix encoding in connection string (#20192) * pkg/util: Replace custom pbkdf2 implementation by maintained version (#19941) * Datasource/Elasticsearch: Fix logs which were displayed with incorrect timestamp in Explore logs tab (#20009) * Error Handling: support errors and data in a response (#20169) * OAuth: Generic OAuth role mapping support (#17149) * sdk: update to latest (#20182) * Docs: Add introduction to time series (#20068) * Docs: Simplify headings and make active (#20163) * Docs: Add "the" to license reference in README (#20167) * LDAP: All LDAP servers should be tried even if one of them returns a connection error (#20077) * Dashboards: add panel inspector (#20052) * Docker: Reduce layers in build container and modified initialization of PATH env in final container (#20132) * Docs: Display panels alphabetically (#20130) * Docs: Updates getting_started.md for spelling mistake "configuered" to "configured" (#20027) * fix: modifying AWS Kafka dimension names to correct ones (#19986) * Templating: Makes so __searchFilter can be used as part of regular expression (#20103) * Dashboard Editor: use chevron icon rather than > (#19588) * Docs: update datasources that support alerting (#20066) * Units: Add milli/microSievert, milli/microSievert/h and pixels (#20144) * Toolkit: copy full directory structure for img,libs,static (#20145) * Heatmap: Insert div to fix layout (#20056) * Build: adds the pkg/errors dependency that was missing from go.mod (#20143) * Explore: Memory leak fix due to dedup selector (#20107) * DataLinks: Fix access to labels when using Prometheus instant queries (#20113) * PluginLoader: fix imports for react-redux (#19780) * LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * Licensing service (#19903) * Explore: Add titles to query row action buttons (#20128) * Graph: Added series override option to have hidden series be persisted (#20124) * grafana/ui: Drawer component (#20078) * Depedency: Bump crewjam/saml to the latest master (#20126) * grafana/ui: fix button icon styles (#20084) * Explore: UI change for log row details (#20034) * api/dashboard: fix panic on UI save (#20137) * grafana/toolkit: Fixup save artifacts in a zip id in the folder (#20071) (#20139) * Docs: Fix InfluxDB Typos (#20004) * Docs: Data Sources subsection naming (#20127) * Docs: Update basic_concepts.md (#20102) * GEL: include the expression count in the request (#20114) * GEL: wrap arrow utils in async load (#20134) * grafana/toolkit: save artifacts in a zip id in the folder (#20123) * remove editor keys and null coalescing (#20115) * Emails: Update notification templates (#19662) * Docs: Ordering and formatting of datasources in docs (#19485) * Docs: Improve remote image renderer documentation (#20031) * Add devenv block for apache proxy working for Mac (#20119) * Allow saving of provisioned dashboards (#19820) * Update Azure AD instructions in generic-oauth.md (#20091) * Docs: Fixed a broken link to LogQL in the docs (#20106) * Explore: Fix deferred rendering of logs (#20110) * Templating: Adds typings to Variables (#20117) * Chore: Reorg packages (#20111) * Chore: Moves QueryField to @grafana/ui (#19678) * Docs: Consolidate backend guidelines (#19823) * transform: add expressions to query editor (w/ feature flag) (#20072) * DataSource: don't filter hidden queries automatically (#20088) * Docker: makes it possible to parse timezones in the docker image (#20081) * Plugins: Transform plugin support (#20036) * Add data link from panel to cloudwatch console (#20061) * DataLinks: Fix blur issues (#19883) * Explore: Remove datasource testing on selector (#19910) * Grafana/ui: Refactor button and add default type = button (#20042) * Add some typings for react events (#20038) * PanelQuerRunnerrremove logging (#20073) * Enable errcheck for golangci-lint (#19976) * DataLinks: Implement javascript callback (#19851) * Chore: correct typo in word Fahrenheit (#20040) * ReactMigration: Migrate Loki and Elastic config pages to React (#19979) * api: new v2 metrics query endpoint * Forms: Introduce new Primary, Secondary and Destructive buttons (#19973) * grafana/ui: Fix modal component (#19987) * WIP: Spawn backend plugins v2 (#19835) * build: Fix building of Enterprise Docker images (#19992) * Docker: Build and use musl-based binaries in alpine images to resolve glibc incompatibility issues (#19798) * PluginPage: replace plugin absolute url with relative (#19956) * Add info about static files (#19965) * Explore: Change loading state to done after live-tailing stops (#19955) * pkg/util: Check errors (#19832) * Core: Show browser not supported notification (#19904) * grafana/toolkit: Support js plugins (#19952) * Forms: Introduce typographic form elements (#19879) * SingleStat: apply mappings to no data response (#19951) * Docs: Clean up contribute docs (#19716) * pkg/models: Check errors (#19839) * pkg/setting: Check errors (#19838) * pkg/tsdb: Check errors (#19837) * Docs: Document Makefile (#19720) * Explore: Add functionality to show/hide query row results (#19794) * pkg/services: Check errors (#19712) * API: Fix logging of dynamic listening port (#19644) * Cloudwatch: Make it clear that role switching is not supported (#19706) * Update Apache configuration to work with MPMs as shared modules (#19900) * Cloudwatch: Lowercase Redshift Dimension entry for service class and stage (#19897) * Units: Added mega ampere and watt-hour per kg Units (#19922) * Clarify use of custom.ini on deb/rpm platforms (#19939) * Update ISSUE_TRIAGE.md (#19942) * docs: improved setup instructions for reporting (#19935) * grafana/ui: Enable mdx imports in stories (#19937) * Refactor: Suggestion plugin for slate (#19825) * grafana/ui: Enable storybook docs (#19930) * Fix: Correct color on TagItems (#19933) * Dependencies: Update yarn.lock (#19927) * Chore: Updates yarn.lock (#19919) * pkg/plugins: Only warn if plugins fail to load. Fixes #19846 (#19859) * Chore: Bump storybook to 5.2.4 (#19895) * QueryEditor: move QueryEditorRows to its own component (#19756) * ReactMigration: Migrate DataSource HTTP Settings to React (#19452) * TemplateVariables: Introduces $__searchFilter to Query Variables (#19858) * Forms: Introduce new spacing variables to GrafanaTheme (#19875) * Forms: Introduce new color variables to GrafanaTheme (#19874) * Chore: Bump Angularjs 1.6.6 -> 1.6.9 (#19849) * Update documentation.md * Edited Contribute docs * devenv: have bra watch attempt graceful shutdown (#19857) * Release: Update latest (#19866) * DataFrame: guess number field when on NaN (#19833) * Loki: Remove param (#19854) * InputDataSource: Fixed issue with config editor (#19818) * Fix: Unsubscribe from events in dashboards (#19788) * Explore: Add unit test to TimeSyncButton (#19836) * build: update scripts go.(mod|sum) (#19834) * Loki: Return empty result if no valid targets (#19830) * DataLinks: Fix url field not releasing focus (#19804) * Alerting: All notification channels should always send (#19807) * @grafana/toolkit: Check if git user.name config is set (#19821) * pkg/middleware: Check errors (#19749) * Fix: clicking outside of some query editors required 2 clicks (#19822) * pkg/cmd: Check errors (#19700) * grafana/toolkit: Add font file loader (#19781) * Select: Allow custom value for selects (#19775) * Docs: Add database architecture docs (#19800) * Call next in azure editor (#19799) * grafana/toolkit: Use http rather than ssh for git checkout (#19754) * DataLinks: Fix context menu not showing in singlestat-ish visualisations (#19809) * Elasticsearch: Adds support for region annotations (#17602) * Docs: Add additional capitalization rules (#19805) * Docs: Add additional word usage rule (#19812) * Update aws-sdk-go (#19138) * Dashboard: Allows the d-solo route to be used without slug (#19640) * pkg/bus: Check errors (#19748) * Panels: Fixes default tab for visualizations without Queries Tab (#19803) * Chore: Refactor grafana-server (#19796) * Add missing info about stylesFactory * Types: Adds type safety to appEvents (#19418) * Docs: Split up Sharing topic (#19680) * Update README.md (#19457) * Docs: Link to architecture docs from Developer guide (#19778) * toolkit linter line number off by one (#19782) * pkg/plugins: Check errors (#19715) * Explore: updates live button to responsive button * Explore: fixes live button margin * Explore: fixes a responsive fold of live tailing button * updated live tailing text * updated live tail button - responsive fold * updated toolbar - added media query for tail buttons * Docs: Add docs on services (#19741) * fix: export Bus on search service (#19773) * Chore: Refactor GoConvey into stdlib for search service (#19765) * Quick typo fix (#19759) * Docs: Fixes go get command in developer guide (#19766) * Datasource: Add custom headers on alerting queries (#19508) * Docs: Add API style/casing rule (#19627) * Explore: updates clear all button to responsive button (#19719) * pkg/infra: Check errors (#19705) * Docs: Update Prometheus Custom Query Parameters docs. (#19524) * Docs: Fix playlist layout issues (#19739) * Docs: Update instructions and flows in Playlist.md (#19590) * pkg/components: Check errors (#19703) * UX: Fix empty space in select (#19713) * pkg/login: Check errors (#19714) * enforce GO111MODULE=on when running make run (#19724) * Docs: Add Troubleshooting section to Developer guide (#19721) * Update README.md (#19551) * Singlestat: Fixed issue with mapping null to text (#19689) * Don't truncate IPv6 addresses (#19573) * Tests: Fix runRequest test (#19711) * Docs: Update pkg\README.md (#19615) * Feature: Adds connectWithCleanup HOC (#19629) * Docs: Add "repository" case, and "open source" to style guide * React group by segment poc (#19436) * Graph: make ContextMenu potitioning aware of the viewport width (#19699) * pkg/api: Check errors (#19657) * Explore: Synchronise time ranges in split mode (#19274) * build: use vendored packages for circle backend tests (#19708) * Docs: Add correct casing for API and ID to style guide (#19625) * API: added dashboardId and slug in response after import (#19692) * Docs: Simplify README (#19702) * Docs: Move dev guide from README (#19707) * Explore: Expand template variables when redirecting from dashboard panel (#19582) * Alerting: Fix dates stored in local time when pausing alerts (#19525) * Explore/UI: Removes unnecessary grafana-info-box wrapper around InfluxCheatSheet (#19701) * Docs: Updating to 6.4.0 (#19698) * Chore: Fixes lines that exceeded 150 chars (#19694) * Chore: Updates latest.json for 6.4.2 (#19697) * Chore: Updates Changelog for 6.4.2 (#19696) * Docs: Update folder.md (#19674) * build: use vendor folder for building (#19677) * Table: Proper handling of json data with dataframes (#19596) * SharedQuery: Fixed issue when using rows (#19610) * SingleStat: Fixes $__name postfix/prefix usage (#19687) * Chore: Upgrade Docker images to Go 1.13.1 (#19576) * Grafana Image Renderer: Fixes plugin page (#19664) * Units: consistent Meter spelling and abbreviations (#19648) * CloudWatch: Changes incorrect dimension wmlid to wlmid (#19679) * Loki: Fix lookup for label key token (#19579) * Documentation: Fix time range controls formatting (#19589) * Docs: Add additional style rules (#19634) * De-duplicate `lint-go` step (#19675) * Docs: Update keyboard shortcuts formatting (#19637) * AzureMonitor: Alerting for Azure Application Insights (#19381) * ci-build: Improve build-deploy script (#19653) * Rename live option in queries (#19658) * Docs: Update README.md (#19456) * Docs: Update typos, make docs more consistent. (#19633) * Docs: Fix operating system names (#19638) * Docs: Move issue triage docs to contribute (#19652) * DataFormats: When transforming TableModel -> DataFrame -> Table preserve the type attribute (#19621) * Graph: Updated auto decimals logic and test dashboard (#19618) * Graph: Switching to series mode should re-render graph (#19623) * Revert "Feature: Adds connectWithCleanup HOC (#19392)" (#19628) * Feature: Adds connectWithCleanup HOC (#19392) * Panels: Progress on new singlestat / BigValue (#19374) * Units: fixed wrong id for Terabits/sec (#19611) * Docs: General improvements to docs, and a fix in oauth (#19587) * Docs: Replace ampersands with and (#19609) * Profile: Fix issue with user profile not showing more than sessions some times (#19578) * Azure Monitor : Query more than 10 dimensions ( Fixes #17230 ) (#18693) * Login: Show SAML login button if SAML is enabled (#19591) * UI: Adds Modal component (#19369) * Prometheus: Fixes so results in Panel always are sorted by query order (#19597) * Docs: Improve guides for contributing (#19575) * Migration: Migrates Admin settings from angular to react (#19594) * Chore: Converts HelpModal from angular to react (#19474) * Fix typo (#19571) * Chore: Upgrade to Go 1.13 (#19502) * Explore: Move data source loader into the select (#19465) * Release: Fix issue with tag script on osx (#19557) * Release: Update latest (#19559) * Docs: Updates about Loki annotations (#19537) * Theme: follow-up fix for snapshot * UI: Centers the filter tags in input field (#19546) * Update README.md (#19515) * Docs: Updated changelog (#19558) * Theme: fix theme issue * Provisioning: Handle empty nested keys on YAML provisioning datasources (#19547) * Docs: updates to what's new in 6.4 (#19539) * Loki: remove live option for logs panel (#19533) * Chore: Updates to 6.4.0 stable (#19528) * CloudWatch: Add ap-east-1 to hard-coded region lists (#19523) * ChangeLog: Release 6.4.0 Stable (#19526) * Docs: Add notice about plugins that need updating (#19519) * Panels: Skip re-rendering panel/visualisation in loading state (#19518) * Docs: LDAP Debug View documentation (#19513) * Docs: reports feature (#19472) * SeriesOverrides: Fixed issue with color picker * Build: Fix building when $LDFLAGS is set (#19509) * API: Add `createdAt` and `updatedAt` to api/users/lookup (#19496) * Fix logs panel image path * Logs: Publish logs panel (#19504) * Explore: Update broken link to logql docs (#19510) * Chore: Remove console.log (#19412) * Refactor: Split LogRow component (#19471) * Build: Upgrade go to 1.12.10 (#19499) * CLI: Fix version selection for plugin install (#19498) * Upgrade grafana-plugin-model (#19438) * grafana-ui: Moves slate types from devDependencies to dependencies (#19470) * Docs: Improve guide descriptions on docs start page #19109 (#19479) * Explore: Generate log row uid (#18994) * Editor: Brings up suggestions menu after clicking suggestion (#19359) * Docs: Add Live tail section in Explore (#19321) * Docs: Add guide for developing on macOS (#19464) * API: Add createdAt field to /api/users/:id (#19475) * Docs: Updated heading to sentence case (#19450) * grafana/toolkit: Remove hack to expose plugin/e2e exports & types (#19467) * Testdata: Rename package to circumvent convention in go (#19409) * Docs: Update package's manual release guide (#19469) * Users: revert LDAP admin user page (#19463) * Explore: Take root_url setting into account when redirecting from dashboard to explore (#19447) * Refactor: RefreshPicker export things as statics on class (#19443) * grafana/ui: Fix value time zone names to be capitalized (#19417) * Release: Make sure packages are released from clean git state (#19402) * Docs: Add styling.md with guide to Emotion at Grafana (#19411) * Docs: Update SECURITY.md (#19385) * Debt: Simplifies actionCreatorFactory (#19433) * Update PLUGIN_DEV.md (#19387) * Release: Create cherrypick task work for enterprise repo (#19424) * Theme: Generate colors SASS * DisplayFormat: use toLocaleString for infinity * Docs: Update Loki docs with new syntax and features (#19370) * UI: Add orangeDark color to theme (#19407) * grafana/toolkit: Improve contribution readme (#19400) * Docs: Remove hard wrap (#19413) * Tests: Adds throwUnhandledRejections to jest setup (#19398) * DataLinks: suggestions menu improvements (#19396) * Dev: Sets `preserveSymlinks` to `false` in top-level tsconfig (#19395) * Build: fixed signing script issue with circle-ci (#19397) * Docs: Update readme with info about ongoing migration (#19362) * PanelData: Adds timeRange prop to PanelData (#19361) * Docs: Update Playlist.md (#19382) * Update documentation-style-guide.md (#19389) * Build: Fix correct sort order of merged pr's in cherrypick task (#19379) * dependencies: Update yarn.lock (#19377) * ValueFormats: check for inf (#19376) * Update UPGRADING_DEPENDENCIES.md (#19386) * Update ROADMAP.md (#19384) * Update SUPPORT.md (#19383) * Update ISSUE_TRIAGE.md (#19280) * Update datasource_permissions.md (#19336) * MySQL: Limit datasource error details returned from the backend (#19373) * MySQL, Postgres: Update raw sql when query builder updates (#19209) * MySQL, Postgres, MSSQL: Fix validating query with template variables in alert (#19237) * Explore: Do not send explicit maxDataPoints for logs. (#19235) * grafana/ui: Add Timezone picker (#19364) * Heatmap: use DataFrame rather than LegacyResponseData (#19026) * Explore: Refactor mode selection (#19356) * Dashboard: Fix export for sharing when panels use default data source (#19315) * Azure Monitor: Revert support for cross resource queries (#19115)" (#19346) * grafana/ui: Add electrical units mAh and kAh (#19314) * grafana/ui: Add Indian Rupee (INR) to currencies (#19201) * Chore: Bump typescript to version 3.6.3 (#19308) * Explore: Refactor live tail controls (#19328) * Docs: Documentation for return-to-dashboard feature (#19198) * Select: Set placeholder color (#19309) * Keybindings: Improve esc / exit / blur logic (#19320) * Plugins: Skips existence of module.js for renderer plugins (#19318) * Explore: Fix unsubscribing from Loki websocket (#19263) * Release: update latest.json (#19312) * Docs: Uppercase HTTP acronyms (#19317) * Multi-LDAP: Do not fail-fast on invalid credentials (#19261) * DataLinks: Small UX improvements to DataLinksInput (#19313) * Alerting: Prevents creating alerts from unsupported queries (#19250) * Chore: Update Slate to 0.47.8 (#19197) * Chore: Upgrades react-redux to version 7.1.1 (#19272) * Docs: Update documentation-style-guide.md (#19292) * Admin/user: fix textarea postion in 'Pending Invites' to avoid page scrolling (#19288) * Changelog update for 6.3.6 * Revert "Changelog update for 6.3.6" * Changelog update for 6.3.6 * Build: Split up task in the CI pipeline to ease running outside circleci (#18861) * Build: Scanning grafana master docker image with trivy in ci (#19195) * Dashboard: Hides alpha icon for visualization that is not in alpha/beta stage #19300 * Update changelog task to generate toolkit changelog too (#19262) * QueryEditor: Clean-up interface to only have one PanelData (#19249) * Docs: Add style rule for Git (#19277) * Docs: Update CONTRIBUTING.md (#19273) * Docs: Add glossary (#19148) * Docs: Add style guide for docs (#19190) * Vector: remove toJSON() from interface (#19254) * MySQL, Postgres, MSSQL: Only debug log when in development (#19239) * Graphite: Changed range expansion from 1m to 1s (#19246) * AlertBox: Merged Alertbox into Alert (#19212) * Explore: live tail UI fixes and improvements (#19187) * Docs: Update theming docs (#19248) * grafana/toolkit: Fix toolkit not building @grafana/toolkit (#19253) * CloudWatch: ContainerInsights metrics support (#18971) * Alerting: Truncate PagerDuty summary when greater than 1024 characters (#18730) * grafana/toolkit: Add plugin scaffolding (#19207) * Snapshots: store DataFrameDTO instead of MutableDataFrame in snapshot data (#19247) * Revert "Graphite: Changed range expansion from 1m to 1s, #11472" * Graphite: Changed range expansion from 1m to 1s, #11472 * Fix docs issues (#19240) * Docs: Minor edits to the README and several md files (#19238) * LDAP: Show non-matched groups returned from LDAP (#19208) * plugins: expose whole rxjs to plugins (#19226) * SQL: Rewrite statistics query (#19178) * CI: Update frontend ci metrics for strict null checks * grafana/ui: Add disabled prop on LinkButton (#19192) * Cloudwatch: Fix autocomplete for Gamelift dimensions (#19145) (#19146) * Backend: Remove redundant condition of `ROLE_VIEWER` (#19211) * FieldDisplay: Update title variable syntax (#19217) * Docs: Note when using For and No Data in alert rule (#19185) * Docker: Upgrade packages to resolve reported vulnerabilities (#19188) * MSSQL: Revert usage of new connectionstring format (#19203) * Prometheus: datasource config with custom parameters string (#19121) * Contributing: Add guidelines for contributing docs (#19108) * LDAP debug page: deduplicate errors (#19168) * Menu: fix menu button in the mobile view (#19191) * Dashboard: Fixes back button styles in kiosk mode (#19165) * API: adds redirect helper to simplify http redirects (#19180) * docs: image rendering (#19183) * Chore: Update latest.json (#19177) * Chore: Update version to next (#19169) * Docs: What's new in 6.4 update (#19175) * Devenv: create slow_proxy_mac (#19174) * Chore: Changelog for v6.4.0-beta1 (#19171) * Revert "Chore: Update Slate to 0.47.8 (#18412)" (#19167) * Chore: Update Slate to 0.47.8 (#18412) * Changelog: Breaking changes and deprecation notes for v6.4 (#19164) * Docs: What's new 6.4 draft (#19144) * Docs: Add docs around feature toggles config (#19162) * Azure Monitor: Add support for cross resource queries (#19115) * Api: Readonly datasources should not be created via the API (#19006) * Explore: Update live tail buttons (#19143) * LDAP: only show tab if LDAP is enabled (#19156) * TimePicker: Fixes onBlur issue with FireFox on MacOS (#19154) * Feature: Encapsulated dynamic imports with error boundary and suspense (#19128) * Metrics: Adds setting for turning off total stats metrics (#19142) * Add directions for more details provided when not anymore on issue triage (#19116) * grafana/data: Reorganise code (#19136) * Login: fix Footer to be visible (#19147) * Chore: fix prettier error after github suggestions commit (#19150) * Alerts: show a warning/error if transformations are configured (#19027) * Explore: No logs should show an empty graph (#19132) * Ldap: Add LDAP debug page (#18759) * Elasticsearch: allow templating queries to order by doc_count (#18870) * Chore: cross-package security bumps (#19131) * Close the connection only if we establish it. (#18897) * Fix: Fixes crash using back button with zoomed graph (#19122) * Routing: Update routing to require sign in on every route (#19118) * Graph: constant series as override (#19102) * Login: fix login page failing when navigating from reset password views (#19124) * DataFrame: Fixes to dealing with empty results (#19119) * Explore: calculate intervals when building data source request (#19107) * Graph: Adds onHorizontalRegionSelected (#19083) * Loki: Updated cheat sheet with new filter syntax (#18947) * grafana/toolkit: Find module files correctly and add basic error tracing (#19089) * Templating: Clicking Selected should deselect all if 1 or more are already selected (#19104) * NotificationChannels: Add delete button to edit page (#19103) * Dashboard: Fix arrow positioning in button while in panel edit mode (#19084) * Update _index.md (#19045) * CLI: Fix installing plugins on windows (#19061) * LDAP: Allow an user to be synchronised against LDAP (#18976) * Docs: Adds a requirements page (#18917) * DataLinks: enable access to labels & field names (#18918) * Singlestat: fix format messes up on negative values if select duratio??? (#19044) * Explore: Move throttling before processing (#19095) * Prometheus: Fix response states (#19092) * Explore: Fix how log bars in graph are stacking (#19015) * Explore: Add throttling when doing live queries (#19085) * Stackdriver: Add extra alignment period options (#18909) * QueryProcessing: Added missing error event for angular editors (#19059) * Explore: Fixes issue with lastResult being null (#19081) * GraphPanel: don't listen to legacy onDataReceived events (#19054) * QueryProcessing: Fixes showing last result in initial loading state (#19057) * toolkit: fix master build, avoid null check (#19055) * Auth: Allow inviting existing users when login form is disabled (#19048) * MSSQL: Fix memory leak when debug enabled (#19049) * Update CONTRIBUTING.md (#19051) * Update README.md (#19047) * toolkit: pipe execa output to console.stdout (#19052) * QueryProcessing: Observable query interface and RxJS for query & stream processing (#18899) * Fix exit live mode icon: change back to Stop. (#19043) * Loki: Fix vertical alignment issue in label selector (#18943) * Fix: Align buttons and label in ToggleButtonGroup (#19036) * toolkit: run make for backend plugins (#19029) * Explore: Fix auto completion on label values for Loki (#18988) * TimeSeries: Replace fieldName with fieldIndex (#19030) * DataLinksInput - change the way enter key is handled (#18985) * TimeSeries: Add data frame index and field name (#19005) * Packages: update versioning and release process (#18195) * API: Add `updatedAt` to api/users/:id (#19004) * PageContent: fix logic in Page.Contents (#19002) * Calcs: Fixed calc reducer (#18998) * AlphaNotice: replaced big popover tooltip with native tooltip (#18997) * grafana/ui: Add Time of day picker (#18894) * QueryOptions: update maxDataPoints text and show any value that is configured (#18761) * Piechart: fix unit selector when scrolling is required (#18932) * Refactor: Move sql_engine to sub package of tsdb (#18991) * Refactor: move ScopedVars to grafana/data (#18992) * Units: Adding T,P,E,Z,and Y bytes (#18706) * Image rendering: Add deprecation warning when PhantomJS is used for rendering images (#18933) * Singlestat: render lines on the panel when sparklines are enabled (#18984) * Explore: Unify background color for fresh logs (#18973) * Annotations: Add annotations support to Loki (#18949) * TimeSeries: datasources with labels should export tags (not labels) (#18977) * Explore: UX/UI improvements for pausing and resuming of live tailing (#18931) * Annotations: Fix query editor rendering on datasource change (#18945) * Bump lodash-es from 4.17.11 to 4.17.15 (#18963) * Bump fstream from 1.0.11 to 1.0.12 (#18962) * Bump mixin-deep from 1.3.1 to 1.3.2 (#18960) * Bump lodash.template from 4.4.0 to 4.5.0 (#18961) * Alerting: fix response popover prompt when add notification channels (#18967) * Build: Fix potential case-insensitive import collision for github.com/Unknwon/com (#18915) * MixedDataSource: refactor, cleanup, and add tests (#18948) * Bump lodash.mergewith from 4.6.1 to 4.6.2 (#18959) * Units: Add electrical charge - ampere-hour unit * Transformers: configure result transformations after query(alpha) (#18740) * grafana/toolkit: Add default mock for stylesheet imports for Jest (#18955) * grafana/toolkit: Improve readme (#18747) * Docs: Add PR review practices link (#18937) * Build: Allow extending of LDFLAGS in build.go (#18954) * Build: Support SOURCE_DATE_EPOCH for reproducible builds (#18953) * LDAP: Fetch teams in debug view (#18951) * Dashboard: Fixes dashboard overwriting behavior (#18944) * Grafana: Create new playlist/dashboard/channel card is not visible when there are no items in the list (#18890) * Storybook: fix type error (#18934) * Sass: changed color in gradient in template files to lower case (#18921) * Notification is sent when state changes from no_data to ok (#18920) * SASS: Add pointer events none to .disabled class (#18919) * Explore: Adds ability to save a panel's query from Explore (#17982) * Loki: support loki with streaming in dashboards (#18709) * UserProfile: convert user organizations section to react (#18707) * Annotations: Check that timeEnd if defined before comparing to avoid false truthiness (#18903) * Sass: Align generated file with tmpl (#18896) * LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * Add South African Rand (ZAR) to currencies (#18893) * Annotations: check if the name exists before creating a new annotation (#18880) * ErrorHandling: Error boundary for every container (#18845) * Precommit: Fixed precommit task issue (#18883) * Docs: Quick typo fix in readme (#18874) * CI: no longer using grafana-master... package. (#18884) * Styles: fixed gradient in logo so it doesn't go outside the logo and get a defined start and end color, changed brand gradient to be the same as in logo, created new variable for vertical gradient (#18882) * Webpack: Fix accidental double typechecking (#18881) * Explore: elastic small fixes (#18879) * Explore: Add typings for queryTransaction.request (#18847) * LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * PanelQueryState: restore comment * grafana/toolkit: fix common webpack config (#18862) * Explore: Use DataFrame to derive graph/table/logs (#18859) * Updated is time series test * Fixed unit test * alerting: add lock on job to prevent a race condition (#18218) * Reworked ResultProcessor tests * Explore: everything seems to be working again * WIP: Use data frames in explore * Explore: Allow pausing and resuming of live tailing (#18836) * CI: stop deployment to s3 (#18831) * Performance/Webpack: Introduces more aggressive code-splitting and other perf improvements (#18544) * Explore: Introduces PanelData to ExploreItemState (#18804) * Core: Adding DashboardPicker component (#18811) * Git: Precomit hook slimmed down * DataSourceSettings: Fixed issue changing data source name, fixes #18660 (#18826) * Prometheus: Fixed Prometheus query editor error (plus new ErrorBoundaryAlert component) (#18838) * Explore: Style panel containers (#18834) * Snapshot: Fix http api (#18830) * Open new window when exploring panel metrics (#18802) * Release: update latest.json * Docs: Update changelog with v6.3.5 issues (#18827) * Build: Update ua-parser/uap-go (#18788) * Build: Use the latest build container which has go 1.12.9 (#18807) * DataFrame: split DataFrameHelper into MutableDataFrame and FieldCache (#18795) * MixedDatasource: don't filter hidden queries before sending to datasources (#18814) * Enterprise: add dependencies for upcoming features (#18793) * Editor: Fixes issue where only entire lines were being copied (#18806) * Explore: Fixed query status issue (#18791) * DashboardMigrator: Fixed issue migrating incomplete panel link models (#18786) * Explore: Fixes query hint issues (#18803) * Build: Optional skipping of typescript checking in dev bundler (#18772) * Docs: Improve API tutorial intro content and readability (#18762) * Panels: Destroy panel model when recreating repeated panels (#18799) * Singlestat: Various fixes to singlestat and DataFrame (#18783) * Explore: Fixed issue in PanelQuery state arround cancellation (#18771) * Going to Explore from a panel with mixed data sources now works (#18784) * Changelog update (#18780) * Explore: Add memoization and remove unused props (#18775) * Prometheus: Changes brace-insertion behavior to be less annoying (#18698) * Datasource: Support min time interval input in ms (#18719) * Explore: Use PanelQueryState to handle querying (#18694) * Chore: Improve err message for notifications (#18757) * @grafana/toolkit: add package versions to the ci report (#18751) * @grafana/data: Matchers and Transforms (#16756) * Docs: Document LDAP config reload in admin http api (#18739) * center NoDataSourceCallToActionCard in Explore (#18752) * DataLinks: enable data links in Gauge, BarGauge and SingleStat2 panel (#18605) * DashboardDatasource: reuse query results within a dashboard (#16660) * Plugins: show a clear error on the plugin page when it failed to load (#18733) * Chore: Use ruleId instead of alertId as log keyword (#18738) * @grafana/data: improve the CircularVector api (#18716) * QueryEditor: check if optional func toggleEditorMode is provided (#18705) * Emails: remove the yarn.lock (#18724) * OAuth: Support JMES path lookup when retrieving user email (#14683) * Emails: resurrect template notification (#18686) * Email: add reply-to and direct attachment (#18715) * Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards (#18641) * Heatmap: Add Cividis and Turbo color schemes (#18710) * Units: add counts/sec (cps) and counts/min (cpm) in Throughput (#18702) * Dev Docker: Use golang:1.12.9-alpine to prevent glibc mismatch. (#18701) * Docs: Fix broken link for the Grafana on RHEL or Ubuntu tutorial (#18697) * Fixes several usability issues with QueryField component (#18681) * convert teams section of user profile to react (#18633) * Singlestat/Gauge/BarGauge: Improvements to decimals logic and added test dashboard (#18676) * Emails: Change text (#18683) * Streaming: improve JSDocs for DataSourceAPI streaming support (#18672) * TimeSrv: Enable value time windowing in TimeSrv (#18636) * Explore: Fixes so Show context shows results again (#18675) * Graph: Updated y-axis ticks test dashboard (#18677) * Add typings to package.json in packages (#18640) * Plugins: better warning when plugins fail to load (#18671) * SingleStat2: save options to defaults not override (#18666) * Packages: Fix path import from grafana/data (#18667) * SingleStat: use DataFrame results rather than TimeSeries/TableData (#18580) * TestData: attach labels to series results (#18653) * Singlestat: Disable new singlestat gauge usage (#18610) * Explore: Fixes query field layout in splitted view for Safari browsers (#18654) * MSI: new long file names are causing error building MSI (#18646) * Auth: change the error HTTP status codes (#18584) * Refactor: EmptyListCTA (#18516) * Build: Upgrade to go 1.12.9 (#18638) * Chore: Revert React 16.9.0 bump (#18634) * Azure Monitor and Log Analytics converted and separated into components (#18259) * Rewrite user profile edit to react (#17917) * Docs: remove codecov badge (#18623) * Prometheus: Prevents panel editor crash when switching to Prometheus datasource (#18616) * Chore: Rename Popper to Popover (#18543) * SingleStat: add a gauge migration call to action button in the editor (#18604) * Build: update revive dependency (#18585) * LDAP: multildap + ldap integration (#18588) * Docker: switch docker image to alpine base with phantomjs support (#18468) * Backend: Adds support for HTTP/2 (#18358) * Explore: Fixes error when switching from prometheus to loki data sources (#18599) * TimePicker: Set time to to 23:59:59 when setting To time using calendar (#18595) * Prometheus: Return labels in query results (#18535) * Docs: Update changelog and docs for annotation region change (#18593) * Refactor: move KeyValue and deprecation warning to @grafana/data (#18582) * Annotations: use a single row to represent a region (#17673) * Docs: Update upgrading guide (#18547) * Docs: Adds tests requirement to bugs checklist (#18576) * DataFrame: convert from row based to a columnar value format (#18391) * Packages: Temporarily skip canary releases if packages build fail (#18577) * Update latest.json to latest stable version (#18575) * Docs: Update changelog for v6.3.3 (#18569) * Graph: Fixed issue clicking on series line icon (#18563) * grafana/toolkit: Unpublish previous "next" version when releasing a new one (#18552) * Toolkit: write PR report to a folder with the circle build number (#18560) * CI: Fail build if yarn.lock is not up to date (#18555) * Chore: Updates react-dependant packages to address react warnings (#18549) * Prometheus: Fix regression of rerunning query on legend/interval change (#18147) * Explore/Prometheus: More consistently allows for multi-line queries (#18362) * Login: Fixes undefined redirect (#18545) * Plugins: expose react-redux, redux (#18501) * TimeSeries: assume values are all numbers (#18540) * Login: Angular to React (#18116) * InfoTooltip: Info icon with tooltip (#18478) * Annotations: Fix failing annotation query when time series query is cancelled (#18532) * remotecache: support SSL with redis (#18511) * QueryData: Handle that response data must be array (#18504) * React: Rename deprecated UNSAFE_componentWillReceiveProps (#18526) * Explore: Replaces TimeSeries with GraphSeriesXY (#18475) * API: Restrict anonymous user information access (#18422) * Fix: failing build after React bump (#18514) * strictNullChecks: First batch (#18390) * Chore: bump React to 16.9.0 (#18502) * Docs: Adds a new security section (#18508) * Docs: Update issue triage doc with external PRs section (#18464) * Typo: fix typo in processDataFrame.ts comment (#18492) * Explore: Fix loading error for empty queries (#18488) * Fix: Fixes stripping of $d in Explore urls (#18480) * grafana/ui: fix toTimeTicks error (#18448) * Docs: Adds details to Pull Request Checklist (#18471) * DataLinks: respect timezone when displaying datapoint's timestamp in graph context menu (#18461) * Chore: strictNullChecks, ColoringEditor and time_region_manager (#18442) * Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462) * DataLinks: Apply scoped variables correctly (#18454) * DataLinks: Use datapoint timestamp correctly when interpolating variables (#18459) * API: Minor fix for team creation endpoint when using API key (#18252) * Login: Adjust space between skip and its icon (#18407) * Docs: Update Auth Proxy documentation (#18444) * Docs: Minor Readme update (#18438) * OAuth: return GitLab groups as a part of user info (enable team sync) (#18388) * Fix: Avoid glob of single-value array variables (#18420) * DataLinks: Enable multiple data links per panel (#18434) * Markdown: Handle undefined/null strings (#18433) * Docs: Update changelog and latest with 6.3.1 and 6.3.2 releases (#18437) * Explore: Fixes Legend overflow in splitted view (#18396) * Docs: changelog for docker 6.3 (#18429) * Panels: Fixed crashing dashboards with panel links (#18430) * DataFrame: remove dateFormat (#18424) * backend: null.Float NaN -> null for json marshal (#18284) * Frontend: adds folder name in home dash choose menu (#18346) * TestData: Query variable support (nested + glob queries) (#18413) * Update latest.json (#18417) * Changelog 6.3.0 (#18414) * PanelLinks: Fix render issue when there is no panel description (#18408) * e2e tests: Make pageObjects mandatory (#18406) * Documentation: document the "Mixed" Data Source (#18398) * Explore: Moves GraphSeriesXY and DisplayValue to grafana/data (#18400) * Explore: Fixes incorrect handling of utc in timeEpic (#18386) * Postgres: Add support for scram sha 256 authentication (#18397) * Update behind_proxy.md with linkback to nginx.com (#18150) * Do not set SameSite for OAuth cookie if cookie_samesite is None (#18392) * Gauge/BarGauge: Rewrite of how migrations are applied (#18375) * MSSQL: Change connectionstring to URL format to fix using passwords with semicolon (#18384) * CloudWatch: Fix alerting for queries with Id (using GetMetricData) (#17899) * Chore: Update strictNullChecks error limit (#18387) * Chore: Fixes some strict errors (#18381) * Graph: Improved graph tick decimals logic arround significant digits (#18370) * CI: Added metric to track strict null erros (#18379) * Auth: Do not search for the user twice (#18366) * grafana/toolkit: improve CI task (#18189) * Alerting: Also include configured AlertRuleTags in Webhooks (#18233) * Loki: Apply start parameter to speed up test query (#18266) * Docs: Changelog 6.3.0 beta4 (#18359) * Select: Fixes issue where ToggleButtonGroup overlapped DataSourcePicker in Firefox (#18361) * SignIn: Update redirect on reroute (#18360) * Gauge/BarGauge: Support decimals for min/max toFloatOrUndefined (#18368) * FieldDisplay: Return field defaults when there are no data (#18357) * Auth: introduce more tests for middleware module (#18365) * Docs: updated latest.json (#18363) * LDAP: nitpicks (#18309) * Docs: mention unsupported versions of PostgreSQL (#18307) * Navigation: Fixed double settings menus (#18349) * Build: allow bash to expand the wildcard (#18354) * Gauges: Fixes error when mappings array was undefined (#18353) * Frontend: Fixes progress tracker close button to use `$link-hover-color` (#18352) * Frontend: Fixes hard-coded font-weight properties to use variables (#18350) * LDAP: Align ldap example with the devenv testdata (#18343) * Auth: consistently return same basic auth errors (#18310) * cli: fix for recognizing when in dev mode. (#18334) * QueryEditors: Fixes flakey text edit mode toggle (#18335) * Refactor: use data rather than series in stream callback(#18126) * Keybindings: Disable on login url (#18331) * Fix failing end to end tests job for release (#18323) * Fix OAuth error due to SameSite cookie policy (#18332) * Chore: noImplictAny no errors left (#18303) * [Shortcuts] Fixes shortcuts for moving time range backwards and forwards (#18305) * TablePanel: Remove scroll option on TablePanel (#18318) * Keyboard Shortcuts: Sign in to enable them (#18271) * GitHub Templates: Pull Request Template update (#18300) * Auth Proxy: Include additional headers as part of the cache key (#18298) * grafana/toolkit: support windows paths (#18306) * Chore: noImplicitAny Sub 500 errors (#18287) * Plugins: return a promise for loadPluginCss (#18273) * Utils: avoid calling console.warn() too often for deprecation warnings (#18269) * CLI: Allow installing custom binary plugins (#17551) * Docs: Update link to example app (#18253) * GettingStarted: Skip Query for getting started (#18268) * v6.3.0-beta2 is latest testing (#18283) * Release: Changelog update with v6.3.0-beta2 (#18281) * Chore: Upgrades typescript to version 3.5 (#18263) * docs: team sync (#18239) * SAML: Only show SAML login button on Enterprise version (#18270) * Permissions: Show plugins in nav for non admin users but hide plugin configuration (#18234) * CI: Change target branch in CI task trigger-docs-update (#18255) * Plugins: Include build number and PR in metadata (#18260) * Run End-to-End tests for release builds (#18211) * DataLinks: Fixed interpolation of series name, fixes #18250 (#18251) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18248) * Loki: Remove prefetching of default label values (#18213) * Build: fix use of env vars in parentheses execs (#18249) * TimePicker: Increase max height of quick range dropdown (#18247) * TimePicker: Fixed css issue casued by CSS Optimizer (#18244) * Revert "Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217)" (#18246) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217) * LDAP: improve POSIX support (#18235) * Instrumentation: Add failed notifications metric (#18089) * Docs: update links to sample plugins (#18240) * Build: Removed webpack from default grunt task, fixes #18232 (#18242) * Packages: update package.json files (#18173) * Replaced ubuntu:latest with ubuntu:18.04; specific image version to make grafana build images consistent (#18224) * Build: correct verify script (#18236) * remote_cache: Fix redis connstr parsing (#18204) * Auth: do not expose disabled user disabled status (#18229) * Build: Introduce shellcheck (#18081) * Docs: Update documentation with new SAML features (#18163) * Typo: fix threshodsWithoutKey (#18228) * alerting: more specific error when missing threshold (#18221) * Graph: fix time label description for datalink suggestions (#18214) * Explore: Reduce default time range to last hour (#18212) * alerting: return err when SetAlertState fails to save to sql (#18216) * PhantomJS: Fixes rendering on Debian Buster (#18162) * Docs: sudo is required on the apt-key add not on wget (#18180) * Build: watch and dev mode webpack improvements (#18153) * Plugin: AzureMonitor - Reapply MetricNamespace support (#17282) * Refactor: move end-to-end test infrastructure to @grafana/toolkit (#18012) * SAML: add auth provider label (#18197) * Plugins: avoid app importDashboards() NPE (#18128) * Plugins: fix previous commit, output "build" property in json * SAML: add metrics (#18194) * Plugins: add build info to plugin metadata (#18164) * datasource: testdata - add predicatable csv wave scenario (#18183) * Docs: SAML idp_metadata_url option (#18181) * Panel: Show error in edit mode (#18175) * E2E: saving a dashboard should wait for success (#18171) * @grafana/toolkit: integrate latest improvements (#18168) * Build: change definition of the vars in makefile (#18151) * noImplicitAny: Down approx 200 errors (#18143) * datasource: testdata - add predictable pulse scenario (#18142) * Minor 6.3.0 beta1 changes (#18048) * Docs: SAML (#18069) * Docs: prioritize use of `make run` to `bra` (#18154) * Fix provision alerts generation script (#18145) * SQLStore: use bool pointer instead of string (#18111) * Registry: add a reusable function registry (#17047) * grafana/toolkit: test improvements and show stats (#18137, #18138) * Metrics: use consistent naming for exported variables (#18134) * Build: copy .browserslistrc to node build container (#18141) * @grafana/toolkit: HtmlWebpackPlugin when in watch mode (#18130) * update yarn.lock (#18125) * grafana/toolkit: prettier and lint fix in dev mode (#18131) * Chore: Fix about 200 noImplicitAny errors (#18067) * Build: allow dynamically change docker image (#18112) * grafana/toolkit: update the way config is being passed to jest cli (#18115) * Build: detect changes to packages based on the git diff (#18118) * Build: Release packages under next tag when changes detected on master (#18062) * SQLStore: allow to look for `is_disabled` flag (#18032) * Metrics: add LDAP active sync summary metric (#18079) * Docs: correct issue_triage.md texts * ValuMapping: start with some values (#18092) * Docs: Simplify download links & instructions and make download link clearer (#18090) * FieldDisplay: move threshold and mapping to Field (#17043) * InfluxDB: Enable interpolation within ad-hoc filter values for InfluxDB data source (#18077) * Docs: Move data links down (#18072) * grafana/toolkit: improve CircleCI integration (#18071) * Build: consistently reference go binary (#18059) * devenv: Fix typo in nginix docker for mac (#18068) * noImplicitAny: 1670 errors (#18035) * Add missing pull requests to Changelog (#18061) * provisioning: escape literal '$' with '$$' to avoid interpolation (#18045) * grafana/toolkit: improve CircleCI stubs (#17995) * Docs: clarify the ttl units (#18039) * Update docs readme for running MySQL/Postgres tests * Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905) * Chore: upgrade node-sass to 4.12.0 (#18052) * API: Minor fix for nil pointer when trying to log error during creating new dashboard via the API (#18003) * Chore: update lodash (#18055) * Update latest.json (#18043) * Update Changelog (#18042) * Chore: bump master version number to 6.4.0-pre * Explore/Loki: Display live tailed logs in correct order (#18031) * Fix unused variable errors (#18030) * Docs: First draft of whats new in 6.3 (#17962) * Packages: create shared tsconfig.json (#18010) * CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) * LDAP: Adds bind before searching LDAP for non-login cases. (#18023) * Users: show badges for each auth provider (#17869) * Loki: Don't use _ numerical separator (#18016) * grafana-cli: allow installing plugins from a local zip file (#18021) * grafana/toolkit: Copy or extract static files (#18006) * Packages: Use lerna for release orchestration (#17985) * AnnoList: add alpha annotations list plugin (#17187) * grafana/toolkit: Use babel-plugin-angularjs-annotate (#18005) * CSV Export: Timezone based on dashboard setting (#18002) * LDAP: Adds back support for single bind. (#17999) * Reducers: consistent result for first/last reducer shortcut (#17911) * SAML: Show SAML login button even if OAuth is disabled (#17993) * Fix: Break redirect loop if oauth_auto_login = true and OAuth login fails (#17974) * Refactor: fix range util imports (#17988) * Refactor: move dom utils to @grafana/ui (#17976) * Docs: Documents new features available with Loki data source in Explore (#17984) * Prometheus: added time range filter to series labels query (#16851) * Explore: Adds support for new loki 'start' and 'end' params for labels endpoint (#17512) * Chore: Removes custom debounce utility in favor of lodash/debounce (#17977) * Api: Fix auth tokens returning wrong seenAt value (#17980) * Refactor: move more files to @grafana/data (#17972) * @grafana/data: export dateMath and rangeUtil (#17971) * Refactor: move some files to @grafana/data (#17952) * noImplicitAny: Azure Monitor (#17966) * grafana/toolkit: initial CI task and various small improvements (#17914) * First version of prettier checks in toolkit (#17964) * LDAP: finishing touches (#17945) * Graphite: Refactor lexer and parser (#17958) * noImplicitAny: Datasource files, under 2500 (#17959) * Auth: saml enabled check. (#17960) * Auth: SAML login button. (#17932) * grafana/toolkit: Add support for extensions styling (#17938) * Datasource: Refactor Graphite to class (#17942) * SAML: Configuration defaults, examples and dependencies (#17954) * OAuth: deny login for disabled users (#17957) * Build: Adds pre-commit check that fails if node versions are not synced (#17820) * Docs: minor ha-setup edit (#17950) * Docs: Added very basic docs about revoking user sessions (#17931) * Docs: Updates documentation regarding logs integration in Explore (#17896) * noImplicitAnys: Fix InfluxDB type issues #17937) * TimePicker: align position between dashboard and explore (#17940) * AzureMonitor: remove duplicate query logic on the frontend (#17198) * UserProfilePage: Fix team avatar urls #17866 (#17930) * Explore: Introduces storage keys for last used data source on per-orgId basis (#17934) * Docs: added version notice to new ldap feature docs (#17929) * Explore: Restricts query text edit toggle to metrics mode (#17921) * grafana/runtime: Expose SystemJS from @grafana/runtime (#17927) * Templating: Correctly display __text in multi-values variable after refresh (#17918) * grafana/toolkit: bundle plugins with webpack (#17850) * Explore: Adds orgId to URL for sharing purposes (#17895) * grafana/toolkit: copy sass files (#17888) * ChangePassword: Rewrite change password page to react (#17811) * AngularPanels: Fixed loading state indication for angular panels (#17900) * Explore: Adds support for toggling text edit mode in explore (#17870) * LDAP: Divide the requests (#17885) * Build: fixes missing shebang in release tagging script. (#17894) * Teams: show proper label for each auth provider (#17860) * Logging: Login and Logout logging actions (#17760) (#17883) * Loki: Adds comment explaining usage of RFC3339Nano string (#17872) * Explore: Query rows are now reset when changing data sources (#17865) * Codestyle: add guidelines for removing the m alias for models (#17890) * Docs: How to work with themes (#17876) * Docs: Fix developing plugins index page (#17877) * StatsPicker: Fix multiple value input layout etc. (#17827) * Chore: Build grafana-cli when running bra run (#17788) * Build: use golangci-lint as a make command (#17739) * Explore:??Log highlights only update when user stops typing (#17845) * Loki: getHighlighterExpressionsFromQuery Returns null if filter term is not quoted (#17852) * Docs upgrading deps (#17657) * Testing: Include BatchRevoke for all tokens in the fake. (#17728) * Refactor: rename SeriesData to DataFrame (#17854) * devenv: switch OpenTSDB docker block (#17849) * Devenv:LDAP: couple simplifications for LDAP (#17807) * Login: divide login errors by pkg and service (#17835) * Auth Proxy: Respect auto_sign_up setting (#17843) * OAuth: return github teams as a part of user info (enable team sync) (#17797) * noImplicitAny: Sub 3000 errors (#17821) * TimePicker: Style and responsive fixes, restored dashboard settings (#17822) * Templating: Correctly display __text in multi-values variable (#17840) * Elasticsearch: Fix default max concurrent shard requests (#17770) * Explore: Fix filter by series level in logs graph (#17798) * Docs: Add v6.3 version notes and encryption format information (#17825) * Graphite: use POST for /metrics/find requests (#17814) * Dashboard: Force update after dashboard resize (#17808) * Toolkit: moved front end cli scripts to separate package and introduced very early version of plugin tools * Explore: Uses new TimePicker from Grafana/UI (#17793) * Explore: Uses RFC3339Nano string to retrieve LogRow contexts from Loki API (#17813) * noImplicitAny: Lower count to about 3450 (#17799) * Graphite: Fixes issue with seriesByTag & function with variable param (#17795) * noImplicitAny: Reduce errors to 3800-ish (#17781) * Graphite: remove feature that moves alias function last (#17791) * Explore: Adds URL support for select mode (#17755) * TestData: add option to increase the number of test streams (#17789) * Usage Stats: Update known datasource plugins (#17787) * Docs: Adds section on Querying Logs for Elasticsearch (#17730) * Docs: Adds section on Querying Logs for InfluxDB (#17726) * Devenv: makes the grafana users default for saml. (#17782) * Explore: Displays only one Time column as configured in TimeZone settings (#17775) * Markdown: Replace rendering library (#17686) * ApiKeys: Fix check for UTC timezone (#17776) * Prometheus: Minor style fix (#17773) * Docs: fixed notifications table * Auth: Allow expiration of API keys (#17678) * 17278 prometheus step align utc (#17477) * Docs: Update release guide (#17759) * release: update latest.json to v6.2.5 (#17767) * release: 6.2.5 changelog (#17766) * Fix typo s/Applicaiton/Application/ in error messages (#17765) * UserAdmin: UI for disabling users (#17333) * API: get list of users with additional auth info (#17305) * TimePicker: fixed minor issues with new timepicker (#17756) * Explore: Parses and updates TimeSrv in one place in Explore (#17677) * @grafana/ui: release (#17754) * Password: Remove PasswordStrength (#17750) * Devenv:SAML: devenv block with saml test app (#17733) * LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689) * Graph: Add data links feature (click on graph) (#17267) * Explore: Changes LogsContainer from a PureComponent to a Component (#17741) * Chore: Remove tether and tether drop dependency in grafana/ui (#17745) * noImplicitAny: time region manager etc. (#17729) * Panel: Fully escape html in drilldown links (was only sanitized before) (#17731) * Alerting: Improve alert rule testing (#16286) * Elasticsearch: Visualize logs in Explore (#17605) * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695) * Add guidelines for SQL date comparisons (#17732) * Docs: clarified usage of go get and go mod (#17637) * Project: Issue triage doc improvement (#17709) * Improvement: Grafana release process minor improvements (#17661) * TimePicker: New time picker dropdown & custom range UI (#16811) * RemoteCache: redis connection string parsing test (#17702) * Fix link in pkg/README (#17714) * Dashboard: Use Explore's Prometheus editor in dashboard panel edit (#15364) * Settings: Fix typo in defaults.ini (#17707) * Project: Adds a security policy (#17698) * Project: Adds support resource docs (#17699) * Document issue triage process (#17669) * noImplicitAny: slate (#17681) * config: fix connstr for remote_cache (#17675) * Explore: Improves performance of Logs element by limiting re-rendering (#17685) * Docs: Flag serve_from_sub_path as available in 6.3 (#17674) * @grafana/runtime: expose config and loadPluginCss (#17655) * noImplicitAny: Fix basic errors (#17668) * Docs: Update readme to reference correct repo (#17666) * LDAP: small improvements to various LDAP parts (#17662) * Chore: Fix noImplicitAny issues (#17636) * AddPanel: Fix issue when removing moved add panel widget (#17659) * TablePanel: fix annotations display (#17646) * middleware: fix Strict-Transport-Security header (#17644) * Build: add @grafana/data package (#17436) * Update latest.json for 6.2.4 * Update latest.json for 6.2.3 * Update the changelog with v6.2.4 information * Build: Updates node image for e2e job (#17632) * Explore: Prometheus query errors now show (#17470) * Chore: Lowered implicit anys limit to 4599 (#17631) * noImplicitAny: SingleStat panel (#17616) * Build: Update node image for test-frontend job step (#17628) * grafana-cli: Fix receiving flags via command line (#17617) * Typescript: Removes implicit anys (#17625) * Explore: Removes minus button in adhoc query field (#17573) * Correct 6.2.3 release date (#17624) * codestyle: styleguide and arch for grafanas backend (#17545) * JsonTree: fix jsonTree angular binding (#17608) * HTTPServer: Fix X-XSS-Protection header formatting (#17620) * Changelog: Add known issues for v6.2.3 (#17615) * Update the changelog with v6.2.3 information (#17612) * Refactor buttons (#17611) * Tests: Replaces e2e tests truth screenshot (#17609) * cli: grafana-cli should receive flags from the command line (#17606) * AppPlugin: Fix load legacy plugin app (#17574) * Typescript: A batch of implicit any fixes (#17590) * RefreshPicker: Handle empty intervals (#17585) * Docker: Switch base to ubuntu:latest (#17066) * SQLStore: extend `user.SearchUsers` method (#17514) * Explore: Tag and Values for Influx are filtered by the selected measurement (#17539) * ldap: makes mocks available for testing. (#17576) * Devenv: Add nginx proxy for mac (#17572) * Graph: Added new fill gradient option (#17528) * Typescript: Reduce implicit any errors (#17550) * SinglestatPanel: Manages when getColorForValue() function returns null value. Closes #9747 (#17552) * LDAP: refactoring (#17479) * Elasticsearch: Fix empty query request to send properly (#17488) * SinglestatPanel: fix min/max config in singlestat sparklines (#17543) * AuthProxy: Optimistic lock pattern for remote cache Set (#17485) * Explore: Includes context parameter when invoking getExploreState() from Prometheus datasource (#17569) * Tests: Replaces truth image (#17570) * Fix: Fixes merge conflict (#17568) * Build: Fix failing e2e tests and implicit any check (#17567) * Explore: Fixes implicit any error in AdHocFilterField.test.tsx (#17565) * Fix so that correct cache is provided to di registry (#17566) * Build: Upgrades to golang 1.12.6 (#17542) * Explore: Adds ability to remove filter from key dropdown (#17553) * codestyle: moves cache to infra (#17519) * Docs feedback: installation/debian.md (#17563) * Chore: Lowered implicit anys limit to 5131 (#17562) * Influx: Reset logs query field on clear all and clear row in explore (#17549) * Devenv: Add telegraf with log parsing to influxdb docker block (#17546) * Explore: Runs query when measurement/field and pairs are selected in logs mode for influx (#17523) * Influx: Adds start page for logs in Explore (#17521) * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541) * middleware: add security related HTTP(S) response headers (#17522) * Docs: Clarifies from which version the Patch VERB is available (#17532) * Chore: Hugo upgrade (#17494) * Codestyle: Fix some goconst issues (#17530) * Docs: Adds clarification to the provider name for provisioned dashboards (#17524) * Singlestat: Add y min/max config to singlestat sparklines (#17527) * Explore: Clear queries when switching between metrics and logs (#17505) * 16223 user auth token list and revoke (#17434) * Feature: Parse user agent string in user auth token api response (#16??? (#17504) * Tests: Adds better logging to e2e tests (#17511) * Codestyle: Add typecheck and unused linters (#17491) * Docs: Add CircleCI step trigger-docs-update (#17481) * remote_cache: Fix redis (#17483) * auth_proxy: non-negative cache TTL (#17495) * Explore: Adds LogQueryField for InfluxDb (#17450) * sqlstore: clean quota and user_auth_tokens when removing users (#17487) * Prometheus: Preallocate data for Prometheus backend response parsing (#17490) * Docs: Fix a typo in Elasticsearch docs (#17492) * gtime: some code style refactoring (#17369) * Build: make bra a local dependency (#17414) * Add tests for multildap (#17358) * RefreshPicker: SetInterval comments to rxjs code added (#17404) * metrics: expose stats about roles as metrics (#17469) * Explore: Handle newlines in LogRow Highlighter (#17425) * Alerting: Add tags to alert rules (#10989) * Config: Add comment before log_queries in sample ini file (#17462) * CLI: Search perf test data (#17422) * Prometheus: Use overridden panel range as $_range instead of dashboard range (#17352) * Update latest (#17456) * NavModel: Fixed page header ui tabs issues for some admin pages (#17444) * Update changelog for 6.2.2 (#17452) * PluginConfig: Fixed plugin config page navigation when using subpath (#17364) * Tracing: allow propagation with Zipkin headers (#17009) * Perf: Fix slow dashboards ACL query (#17427) * Explore: Fixes crash when parsing date math string with whitespace (#17446) * Cloudwatch: Add AWS DocDB metrics (#17241) * Provisioning: Support folder that doesn't exist yet in dashboard provisioning (#17407) * Codestyle: Fix govet issues (#17178) * @grafana/runtime: expose location update (#17428) * Fix: Adds context to list of keys that are not part of query (#17423) * Prometheus: Correctly escape '|' literals in interpolated PromQL variables (#16932) * Explore: Makes it possible to use a different query field per mode (#17395) * DataSourceApi: remove ExploreDataSourceApi (#17424) * Fix: change angular loader paths (#17421) * Build: specify build flag for `docker-compose up` (#17411) * Add a @grafana/runtime package with backendSrv interface (#16533) * Database: Initialize xorm with an empty schema for postgres (#17357) * docs: configuring custom headers in the dataproxy (#17367) * Explore: Queries the datasource once per run query and uses DataStreamObserver (#17263) * Feature: Adds redux action logging toggle from url params (#17368) * Build: Adds e2e tests back to master workflow with better error messages and with artifacts (#17374) * Explore: Handle datasources with long names better in ds picker (#17393) * Annotations: Improve annotation option tooltips (#17384) * InfluxDB: Fixes single quotes are not escaped (#17398) * Chore: Bump axios to 0.19.0 (#17403) * Alerting: golint fixes for alerting (#17246) * Batch disable users (#17254) * Chore: Remove unused properties in explore (#17359) * MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros (#13086) * Security: Prevent csv formula injection attack (#17363) * LDAP: remove unused function (#17351) * Enterprise: remove gofakeit dep (#17344) * Explore: Update time range before running queries (#17349) * Build(package.json): improve npm commands (#17022) * Chore: upgrade webpack analyser (#17340) * NewDataSourcePage: Add Grafana Cloud link (#17324) * CloudWatch: Avoid exception while accessing results (#17283) * Build: ignore absence of docker-compose (#17331) * Build(makefile): improve error handling (#17281) * adds auth example for the cli cherrypick task (#17307) * docs: remove my email from docs examples (#17325) * 16365 change clashing variable names (#17140) * Frontend/SeriesData: Fix for convert SeriesData to Table format (#17314) * Frontend/utils: Import has only from lodash (#17311) * Frontend/utils: Add missing type (#17312) * update v6.2-beta1 changelog with missing pr (#17308) * explore: don't parse log levels if provided by field or label (#17180) * HTTP Server: Serve Grafana with a custom URL path prefix (#17048) * update latest.json to latest stable version (#17306) * release: v6.2.1 changelog update (#17303) * Build: Removes e2e-tests from Grafana master workflow (#17301) * Build(devenv): correct the context issue (#17291) * Build: Enables end-to-end tests in build-master workflow (#17268) * Gauge/BarGauge: font size improvements (#17292) * Chore: Update jquery to 3.4.1 in grafana ui (#17295) * CLI: Add command to migrate all datasources to use encrypted password fields (#17118) * Auth Proxy: Log any error in middleware (#17275) * devenv: metricbeat and kibana for elasticsearch 7 block (#17262) * LDAP: reduce API and allow its extension (#17209) * database: retry transaction if sqlite returns database is locked error (#17276) * Tech: Update jQuery to 3.4.1 (#17290) * fix typo in basic_concepts.md (#17285) * Feature: do dev environment via makefile (#17136) * devenv: adds auth proxy load test (#17271) * Table: various minor fixes (alpha panel) (#17258) * Singlestat: fixes issue with value placement and line wraps (#17249) * Devenv: Update Graphite port in dev datasources (#17255) * Chore: bump grafana-ui version (#17256) * Release: Updated latest.json * Auth: Logout disabled user (#17166) * docs: fixes typo in provisioning docs (#17248) * CloudWatch: Made region visible for AWS Cloudwatch Expressions (#17243) * Panel: Pass transparency prop down to React panels. (#17235) * Build: Fix filter for building msi during release (#17236) * DataSourcePlugin: Avoid anuglar injector if only one parameter (#17239) * Alerting: Support for configuring content field for Discord alert notifier (#17017) * Explore: Update the way Loki retrieve log context (#17204) * Docs: Fix grammar in docs (#17233) * LDAP: consistently name the LDAP entities (#17203) * Panels: Show Drilldown links in top-left corner of custom React panels (#17142) * Build: Fix final prompt for @grafana/ui npm publish confirmation * Docs: Updated versions selector * Docs: Example for multiple LDAP servers (#17216) * Release: Updated changelog * Release: updated changelog with v6.2 entries (#17201) * Search: removed old not working search shortcuts (#17226) * azuremonitor: revert to clearing chained dropdowns (#17212) * Search: changed how search filter on current folder works (#17219) * AzureMonitor: docs for multiple subscriptions (#17194) * Defer closing of files (#17213) * Docs: Add guidelines for PR/commit messages (#17190) * Users: Disable users removed from LDAP (#16820) * docs: what's new in v6.2 fixes (#17193) * DataSourceMeta: add an option to get hidden queries (#17124) * Panel: Apply option defaults on panel init and on save model retrieval (#17174) * BarGauge: Fix for negative min values (#17192) * Azuremonitor: multiple subscription support for alerting (#17195) * AppPlugin: add types for jsonData (#17177) * MSI: Generate sha256sum during MSI build process in circleci (#17120) * explore: fix null checks (#17191) * Fix: Fixes so new data is pushed during live tailing (#17189) * testdata: logs scenario (#17182) * testdata: scenarios returned are now sorted in a consistent way (#17181) * TablePanel: Check for table using keys (#17185) * Fix gosimple issues (#17179) * AppPlugin: add an init function (#17150) * Fix: Changes WebSocket protocol to wss:// for https (#17173) * alerting: golint fixes for alert notifiers. (#17167) * LDAP: add tests for initialBind (#17132) * Explore: Adds Live option for supported datasources (#17062) * alerting: fix a bunch of lint issues. (#17128) * chore: mocks plugin loader for DataSourceSettingsPage tests (#17157) * Release: Improved cherry pick task (#17087) * Explore: Fix selection/copy of log lines (#17121) * Explore: Fix empty space in toolbar on smaller devices (#17110) * Explore: display log line context (#17097) * Plugins: expose rxjs matching 6.4.0 (#17148) * Chore: fix codespell issue with build (#17144) * Feature: LDAP refactoring (#16950) * explore: fix issues when loading and both graph/table are collapsed (#17113) * explore: make sure datasource is added to target (#17116) * Fix: tighten revive exit code & make it happy (#17127) * GraphPanel: Don't sort series when legend table & sort column is not visible (#17095) * Chore: Update grafana-ui version to 6.2.0-alpha.0 (#17109) * add support for periodically reloading mysql client certs (#14892) * Chore: Deduplicate sqlstore transaction code (#17069) * Alertmanager: Replace illegal chars with underscore in label names (#17002) * Adjusted documentation for gcs to reflect the code (#16947) * fix: Initial url update in Explore should replace existing url history #17030 (#17061) * Explore: Allow switching between metrics and logs (#16959) * Chore: explore possibilities of using makefile (#17039) * Chore: Bump jest to 24.8.0 (#17094) * Chore: Bump ts-node to 8.1.0 (#17093) * Release: Updated changelog * backend: replace /pkg/errors with errutil (#17065) * Explore: Fixes filtering in Prometheus queries when clicking in Table (#17083) * Remotecache: Avoid race condition in Set causing error on insert. (#17082) * Build: Support publishing MSI to grafana.com (#17073) * InputDataSource: better empty value support (#17075) * Panels: Fixed alert icon position in panel header (#17070) * GraphPanel: use SeriesData directly (skip legacy transformation) (#17037) * Streaming: support streaming in MetricsPanelCtrl (#17034) * Gauge: Fix switching orientation issue when switching from BarGauge to Gauge (#17064) * serverlock: run tests async should be more linear time wise (#17059) * InfoPopover: Fixes transclude undefined error (#17063) * Dashboard: Fixes lazy loading & expanding collapsed rows on mobile (#17055) * fix: Azure Monitor adds missing closing div tag to query editor (#17057) * Chore: Use executable dir instead of pwd in CLI for isDev check (#16974) * Search: Set element height to 100% to avoid Chrome 74's overflow (#17054) * Docs: adds note about removing session storage (#17003) * Chore: remove use of `== false` (#17036) * Explore: use @grafana/ui legend (#17027) * tech: avoid alias for importing models in alerting (#17041) * DataSourcePlugin: support custom tabs (#16859) * Dashboard: Fixes scrolling issues for Edge browser (#17033) * SeriesData: remove color from Field (#17044) * chore: remove x character in explore * Dashboard: show refresh button in kiosk mode (#17032) * Devenv: Updated gauge test dashboard * Chore: reintroduce gosec (#17021) * Gauge: tweaks to background color and height usage (#17019) * Feature: provide multildap server configuration (#16914) * (feat/explore): Support for new LogQL filtering syntax (#16674) * fix(explore): Prevent double querying for Prometheus and Loki (#17004) * Chore: No implict any fixes (#17020) * move log package to /infra (#17023) * Chore: Lowered implicit anys limit to 5386 * Chore: Updated snapshot * Select: Fixed isOpen issue * Chore: Typescript no-implicit any fixes progress (#17018) * GraphPanel: show results for all SeriesData (#16966) * Fix: Wrap value of multi variable in array when coming from URL (#16992) * GettingStarted: add key and remove ng-class (#17007) * explore: add some extra time for angular query editors to update query (#16955) * Explore: Align Explore with Dashboards and Panels (#16823) * Explore: Fix empty result from datasource should render logs container (#16999) * Explore: Fixes zoom exception in Loki/Graph (#16991) * PanelEditor: Fix queries tab now showing, wrong skipDataQuery logic (#16994) * DataSourceApi: convert interface to abstract class (#16979) * Panels: Fixed error panel tooltip (#16993) * Docker: Prevent a permission denied error when writing files to the default provisioning directory (#16831) * Notification: attempt to send notifications to all given email addresses (#16881) * GettingStarted: convert to react panel plugin (#16985) * Plugins: Remove dataFormats key and add skipDataQuery (#16984) * AlertList: removed icon * MetricsPanelCtrl: use shared queryRunner to support query execution (#16659) * TableData: support name (#16983) * Changelog: Typo guage -> gauge (#16982) * TestData: stream via fetch (#16963) * plugins: fix how datemath utils are exposed to plugins (#16976) * NewDataSource: Updated page header title * fix(prometheus): issue with click label to filter for recording rules in Explore * Explore: Removes Promise.All from runQueries thunk (#16957) * Chore: Add prometheus basic auth proxy (#16882) * Snapshot: use given key and deleteKey (#16876) * DataSourcePlugins: more generics improvements (#16965) * AddDataSource: Updated page design & categories (#16971) * Templating: Support selecting all filtered values of multi-value variable (#16873) * Chore: Add Input stories (#16897) * FieldDisplay: Don't use group ui elements in field editors (#16953) * GettingStarted: Fixes layout issues, fixes #16926 (#16941) * PanelModel: Fix crash after window resize, fixes #16933 (#16942) * Singlestat: fixed centering issue for very small panels (#16944) * Tests: Adds end-to-end tests skeleton and basic smoke test scenario (#16901) * Chore: Replaces moment with Grafanas DateTime (#16919) * InfluxDB: Fix HTTP method should default to GET (#16949) * Chore: Skip unnecessary checks on pre commit (#16946) * http: remove dualstack since its deprecated (#16940) * devenv: add slow reverse proxy (#16943) * AppPlugin: Menu Edit Url Fix (#16934) * DataSource Plugins: consistent generics order (#16936) * Plugins: update beta notice style (#16928) * Chore: update version number for 6.3 (#16927) * Plugins: Support templated urls in routes (#16599) * changelog: add 5.4.4 release * docs: add download link to what's new in v6.2 * update changelog * Update changelog for 6.2.0-beta1 * AzureMonitor: adds support for multiple subscriptions per datasource (#16922) * docs: what's new in v6.2 (#16909) * Chore: ban importing from @grafana/ui in grafana ui files (#16920) * BarGauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes (#16918) * alerting: no notification when going from nodata -> pending (#16905) * rpm: start grafana after mysqld process (#16917) * Build: fix failing grafana/ui build (#16913) * BarGauge: Updated test dashboards and threshold fix (#16911) * PanelModel: Clear queryRunner on destroy (#16906) * Panels: No title will no longer make panel header take up space (#16884) * Elasticsearch: Fix pre-v7.0 and alerting error (#16904) * Gauge: Better handling of gauge repeat title (#16886) * Refactor: move datemath to grafana/ui (#16890) * PanelQueryState: check for existing running query (#16894) * devenv: add alert list panel (#16896) * Security: Add new setting allow_embedding (#16853) * build: fix integer overflow in pkg/tsdb tests on 32bit platforms (#16818) * Security: Responses from backend should not be cached (#16848) * Alert: Support variables in Alert List filters (#12583) (#16892) * Chore: Lowered implicit anys limit to 5617 * FieldDisplay: shared options model for singlestat panels (#16703) * Refactor: rename statsCalculator to fieldReducer (#16867) * PanelModel: expose isInView property to PanelModel (#16877) * CSV: escape quotes in toCSV (#16874) * Dashboard: Lazy load out of view panels (#15554) * LDAP: Added reload endpoint for LDAP config (#15470) * PluginsList: Removed icons and updated snapshots (#16872) * Panels: Fixed issue with panel type change and data updates (#16871) * Chore: fix modes for non-executable files (#16864) * DataSourceSettings: Minor fix for uncontrolled input (#16863) * Chore: Lowered implicit anys limit to 5623 * TestData: Add dashboards to testdata (#16855) * Input Datasource: convert from angular config to react ConfigEditor (#16856) * DataSources: minor typescript cleanups and comments (#16860) * TestDataDatasource: Add config editor (#16861) * App Plugins: support react pages and tabs (#16586) * Add Windows MSI generation to build process (#16502) * Datasources: add support for POST HTTP verb for InfluxDB (#16690) * Add pattern validation in configs (#16837) * Search: Enable filtering dashboards in search by current folder (#16790) * FormLabel: allow any rather than just a string for tooltip (#16841) * prometheus: fix regression after adding support for tracing headers (#16829) * area/circleci: Speed up circleci build process for branches and pr (#16778) * DataProxy: Restore Set-Cookie header after proxy request (#16838) * docs: clarify page parameter version support for folder/dashboard search (#16836) * Chore: revise some of the gosec rules (#16713) * Refactor: consistant plugin/meta usage (#16834) * Explore: Use SeriesData format for loki/logs (#16793) * Refactor: move NavModel to @grafana/ui (#16813) * Auth: Enable retries and transaction for some db calls for auth tokens (#16785) * Provisioning: Show file path of provisioning file in save/delete dialogs (#16706) * Add tracing headers for prometheus datasource (#16724) * Config: Fixes bug where timeouts for alerting was not parsed correctly (#16784) * build: removes gopkg files from dev docker file (#16817) * Provisioning: Trying to fix failing test (#16800) * Table: React table fix rotate support in storybook (#16816) * TestData: add log level in dummy message (#16815) * removes gopkg.lock from root folder * Explore: Support user timezone (#16469) * Plugins: rename vizPlugin to panelPlugin (#16802) * Plugins: move app/feature/plugin properties into PluginMeta (#16809) * Plugins: move PanelPluginMeta to grafana/ui (#16804) * Plugins: move datasource specific meta out of the main meta type (#16803) * updates changelog for 6.1.6 * Fix: Fetch histogram series from other api route (#16768) * phantomjs: set web-security to true * Chore: Lowered implicit anys limit to 5668 * build: restore postgres integration tests (#16801) * docs: explain correct access control model of GCS buckets (#16792) * Chore: Fixed no implicit any Typescript errors (#16799) * Feature: introduce LdapActiveSyncEnabled setting (#16787) * Plugins: ReactPanelPlugin to VizPanelPlugin (#16779) * UX: Improve Grafana usage for smaller screens (#16783) * ThresholdEditor: Minor style fix for smaller screens (#16791) * Build: Use isolated modules for ts-jest (#16786) * LDAP Refactoring to support syncronizing more than one user at a time. (#16705) * build: removes unused vendored files * (fix/explore): remove vertical-align looks better for long logs (#16736) * Chore: bump jQuery to 3.4.0 in grafana/ui (#16781) * Devenv: Updated home dashboard and added new influxdb test dashboard * Chore: Lowered implicit anys limit to 5946 * RefreshPicker: minor design update (#16774) * Streaming: support streaming and a javascript test datasource (#16729) * GraphLegendEditor: use stats picker rather than switches (#16759) * Feature: add cron setting for the ldap settings (#16673) * Build: Disables gosec until identified performance problems (#16764) * Chore: bump jQuery to 3.4.0 including prototype pollution vulnerability fix (#16761) * elasticsearch: add 7.x version support (#16646) * Provisioning: Add API endpoint to reload provisioning configs (#16579) * Config: Show user-friendly error message instead of stack trace (#16564) * Chore: Lowered implicit anys limit to 5954 * Feature: Enable React based options editors for Datasource plugins (#16748) * sqlstore: use column name in order by (#16583) * user friendly guide (#16743) * Provisioning: Interpolate env vars in provisioning files (#16499) * admin: add more stats about roles (#16667) * Feature: Migrate Legend components to grafana/ui (#16468) * playlist: fix loading dashboards by tag (#16727) * CloudWatch: Use default alias if there is no alias for metrics (#16732) * Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559) * Refactor: Make SelectOptionItem a generic type to enable select value typing (#16718) * docs: fix upgrade instructions * Chore: Small improvements to grafana-cli (#16670) * Chore: Use x/xerrors instead of pkg/errors (#16668) * Chore: a bit of spring cleaning (#16710) * Fixes #15863 (#16684) * Docs: Update notification services (#16657) * PanelQueryRunner: add datasource name to queries (#16712) * Chore: remove session storage references (#16445) * Dashboard: Minor settings UI Update (#16669) * Templating: Do not copy hide option (#16696) * Docs: Fix advanced variable formatting examples (#16691) * QueryEditors: pass PanelData and filtered PanelData to each editor (#16692) * Chore: remove extra logging (#16688) * DashboardSrv: export getDashboardSrv to react (#16687) * Refactor: split PanelQueryRunner into runner and state (#16685) * Docs: Googlechat provisioning config example (#16682) * TestDataDatasource: add the query refId to each result * AppPlugin: avoid app plugin navigation slowness (#16675) * Refactor: improvements to PanelQueryRunner (#16678) * Refactor: move getQueryRunner() to PanelModel (#16679) * Docs: initial backend plugins development guide (#16631) * build: remove dep config files since they are not used anymore * Fix typo in PULL_REQUEST_TEMPLATE.md * refactor: move timeInfo to DataRequestInfo (#16664) * QueryRunner: Move queryRunner to panelModel (#16656) * PanelQueryRunner: move error handling to QueryRunnerOptions (#16654) * refactor: Merge PanelChrome and DataPanel, do query execution in PanelQueryRunner (#16632) * Search: Fixed search issue introduced in recent PR (#16652) * Cloudwatch: fix for flaky tests (#16649) * UI: Remove old icons (#16335) * Search: Fixes search limits and adds a page parameter (#16458) * Chore: Upgrade lodash to v4.17.11 (#16645) * Chore: Lock dependencies (#16644) * tech: replace bmizerany/assert with stretchr/testify (#16625) * Chore: update yarn.lock (#16637) * Panel Plugins: pass query request/response to react panel plugins (#16577) * Explore: Adds logs highlighting in Explore on keypress (#16596) * Build: adding dependency used by extensions (#16622) * TimePicker: Re-add apply button in time picker (#16619) * Chore: refactor auth proxy (#16504) * Docs: updated help for changelog cli task (#16615) * replace dep with go modules (#16017) * Docs: Updated changelog for 6.1.4 * Heatmap: Fixed auto decimals when bucket name is not number but contains dots, fixes #13019 (#16609) * build: partially replace gometalinter with golangci-lint (#16610) * Explore & Dashboard: New Refresh picker (#16505) * Build: Fix missing icon typing (#16601) * Plugins: added missing prop to type * CloudWatch: GetMetricData refactoring & fix label handling (#16383) * Chore: prepare our SQL for cockroach db (#16471) * AppPlugins: fix app support and add an alpha example (#16528) * Switch: made minor styling tweaks to switch to align to 4px grid (#16593) * Docs: minor docs update for old urls * Chore: Add more explicit typing (#16594) * Chore: Lowered implicit anys limit to 5977 * Chore: Adds typings to lodash (#16590) * PanelEditor: Change Queries heading to Query (#16536) * Security: Store datasource passwords encrypted in secureJsonData (#16175) * More development dashboards (#16550) * build: upgrades to golang 1.12.4 (#16545) * Use package libfontconfig1, instead of libfontconfig (#16548) * Adjust Send on all alerts to default label (#16554) * Chore: Lower limit of implicit anys to 6676 * DirectInput: new alpha datasource that lets you enter data via CSV * Plugins: expose getBackendSrv() to plugins (#15268) * DataPanel: Added built-in interval variables to scopedVars (#16556) * TestData: Add minInterval query option * Chore: Remove implicit anys for DashboardModel and tests (#16553) * Pushover alert, support for different sound for OK (#16525) * Chore: Lowered implicit anys limit to 6816 * CloudWatch: Fix template variable expand bug (#16405) * CloudWatch: fix color order (#16408) * Plugins: Unifying alpha state & options for all plugins (#16530) * Revert "Build: Upgrades to go 1.12.3 (#16491)" (#16544) * Annotations: Annotation list style improvements (#16541) * QueryInspector: Now shows error responses (#16514) * Build: Upgrades to go 1.12.3 (#16491) * Build: Update master version number (#16532) * Elasticsearch: Format elasticsearch test dashboard json (#16537) * Update jwt regexp to include = (#16521) * Chore: docs fixes underscore formatting (#16516) * Fix: Pass missing maxDataPoints to query in Explore (#16513) * Fix: Recalculate intervals in Explore on run queries (#16510) * devenv: add elasticsearch v6 filebeat integration (#16493) * devenv: add worldmap panel panels for elasticsearch (#16313) * Plugins: Optionally preload some plugins during frontend app boot (#15266) * Panels: Add types for DataList and range (#16500) * Chore: Lowered implicit anys limit to 6818 * PanelData: Rename ColumnStats type to FieldStats (#16494) * DataSourceApi: add getCollapsedText(query) to DataSourceApi (#16482) * Graph: Add some typescript types for data (#16484) * Build: Updates goconvey to work on go1.12 (#16483) * Provisioning: Do not allow deletion of provisioned dashboards (#16211) * Chore: lower limit for implicit anys to 6829 * Singlestat-v2/Gauge: Show title when repeating (#16477) * Docs: fix grammar in query hint, tests, and documentation (#16444) * Heatmap: Fix empty graph if panel is too narrow (#16460) * Release: updated latest.json * Docs: Updated changelog * docs: fixes and update current version * Docs: Updated changelog for v6.1.3 * Graph: fixed png rendering with legend to the right (#16463) * Fix: Disables auto open datasource picker on focus (#16398) * add some mock/stub guidelines to testing guideline (#16466) * Feat: Suggestion list in Explore is virtualized (#16342) * Docs: Updated roadmap issue to link to the pinned roadmap issues * Graph: Fixed auto decimals in legend values (#16455) * Styling: Aligned heading (#16456) * add PromQL keyword for adhoc filter (#16426) * Singlestat: Use decimal override when manually specified (#16451) * Graph: follow-up graph decimals fix, #16414 (#16450) * Chore: use remote cache instead of session storage (#16114) * Docs: Minor changelog tweak * Docs: Updated changelog with v6.1.2 release issues * datasource: fix disable query when using mixed datasource (#16409) * Graph: Fixed series legend color for hidden series (#16438) * Templating: Fixed loading React variable query editor (#16439) * Styles: Fixed left menu highlight (#16431) * Fix: remove test artefact (#16411) * Theme: Reworking button styling (#16362) * Graph: Fixed tooltip highlight on white theme (#16429) * BarGauge: Round sizing to avoid float widths * Graph: Allow override decimals to fully override (#16414) * Units: Correctly use the override decimals (#16413) * Docs: Remove broken youtube link in timerange reference (#16415) * BarGauge: Fixed minor margin issue (#16419) * Docs: Updated GitHub PR Template * Bar Gauge: Show tile (series name) & refactorings & tests (#16397) * Fix: align panel padding between sass & js theme (#16404) * Fix: playlist now preserve the correct url query params (#16403) * Fix: Graphite query rendering fix (#16390) * Fix: Query editor toggle edit mode fix (#16394) * Refactor: Plugin exports & data source / panel types (#16364) * Chore: Update lockfile (#16380) * Alerting: Notification channel http api fixes (#16379) * Chore: Add task to find FocusConvey tests (#16381) * CloudWatch: Update AWS/IoT metric and dimensions (#16337) * Fix: Table Panel fix to re-render panel when options are updated (#16376) * Docs: Fix typo in Prometheus documentation (#16369) * build: Fixed incorrect permissions for repo folders in ci-deploy. (#16360) * Docs: remove embedd info about samesite cookie from app, docs only is better * Chore: Lowered error count limit * build: fixes bug in verification script. * Tech: Bump typescript and jest (#16354) * Automation: Updates to yarn cli cherrypick & changelog tasks (#16357) * Feat: Improve embed panel info text (#16344) * Fix: Cloudwatch fix for dimension value (#16356) * build: Script to check that our repos work and what the latest package version is (#16350) * Fix: Autoprefixer is now working (#16351) * Chore: docs updates to what's new for 6.1 (#16346) * build: Fix for renamed package for armv6. * Chore: bump storybook and add build script (#16340) * Refactor: React Panels to only use SeriesData[] (#16306) * Docs: Suggest add-apt-repository to install APT repos (#16333) * Units: Add angle units, Arc Minutes and Seconds (#16271) * Chore: Lowered implicit any limit to 6850 * Feat: Adds reconnect for failing datasource in Explore (#16226) * docs: improve alert notification channel provisioning (#16262) * Build: Moved the failing appveyor file so we can get green builds in master * Fix: Build report the correct directives before failing (#16312) * Fix: input elements autofill background (#16295) * Fix: Bring back styles on Switch components when checked * Chore: breaks build if certain FrontEnd limits are exceeded (#16301) * Fix: Graphite query ast to string fix (#16297) * Fix: Template query editor this bind exception fix (#16299) * Fix: Alerting Notification channel http api fixes (#16288) * Refactor: Move LogLevel and Labels utils to @grafana/ui (#16285) * Refactor: Rename Tags to Labels in SeriesData (simple) (#16284) * Elasticsearch: Fix view percentiles metric in table without date histogram (#15686) * Configuration: Improve session_lifetime comments (#16238) * Alerting: Makes timeouts and retries configurable (#16259) * Fix: Correct SnapshotData typing (#16279) * Feat: Angular panels & SeriesData to Table/TimeSeries (#16266) * Fix: React Graph & Show message on no data (#16278) * Feature: added actionable message in Explore when no datasource configured (#16252) * Feature: Case insensitive Loki search (#15948) * Feat: Singlestat panel react progress & refactorings (#16039) * Chore: Implement gosec (#16261) * Fix: Updated snapshot unit test that was failing * Refactor: Theme & Removed the last rems (#16245) * Refactor: Theme input padding variables (#16048) * Feat: More robust csv support (#16170) * Docs: Fix rpm dependencies example (#16272) * Fix: HTML meta tags fix for iOS (#16269) * Feature: Introduced CallToActionCard to @grafana/ui (#16237) * Refactor: Rename TimeSeriesVM to GraphSeriesXY (#16216) * Chore: Implement revive (#16200) * InfluxDB: Fix tag names with periods in alerting (#16255) * Fix: Table Panel and string values & numeric formatting (#16249) * Tech: Patch lib updates, update yarn.lock (#16250) * Chore: docs whats new article for the 6.1 release (#16251) * Chore: Storybook improvements (#16239) * Feat: Introduce Button and LinkButton components to @grafana/ui (#16228) * Chore: changelog adds note for #16234 * Fix: Prometheus regex ad-hoc filters w/ wildcards (#16234) * Chore: changelog notes for #13825,#15205,#14877,#16227 * Fix: Alert email variable name typo fixed (#16232) * Fix: scripts changelog cli per page set to 100 * Fix: Dashboard history diff & white theme fix (#16231) * Merge pull request #16241 from grafana/hugoh/no-implicit-any * Chore: Theme consistency, rems => pixels or variables (#16235) * Chore: Theme consistency, rems => pixels (#16145) * changelog: adds notes for #16229 and #16227 * Fix: Elasticsearch fix template variables in the alias field (#16629) * Fix: TablePanel column color style now works even after removeing styles, fixes #16162 (#16227) * Docs: Updated changelog for 6.1 release (#16224) * Alerting: Notification channel http api enhancements (#16219) * Upgrades: Patch updates to yarn lock (#16215) * Fix: DatasourceApi query response typing fix (#16214) * chore(influx): no point of reading response when bad status (#16212) * docs: loki provisioning * docs(dev): Update docs about devenv dir (#16208) * fix(dashboard): time regions spanning across midnight (#16201) * fix(InfluxDB): Reads body and close request body even for error status codes (#16207) * chore: more TableData to SeriesData renaming (#16206) * fix(panels/graph): Default option name for spaceLength was accidentally changed (#16205) * fix(explore): only show split close button when split is active (#16203) * fix(react2angular): Fixed react to angular wrapper watching function expressions causing infinte digest loop, fixes #16194 (#16196) * fix(Alerting): Fixed alert rules with eval in day units, fixes #16174 (#16182) * fix(panel/table): Fix for white text on white background when value is null * refactor(grafana/ui): Replace with Input component from grafana/ui (#16085) * fix(loki): Hide empty labels column * build: fixes publishing version. * refactor(data models): Renamed TableData to SeriesData (#16185) * chore(core/utils): Add typings to datemath.ts (#16195) * only call onPanelMigration when the version actually changes (#16186) * feat(explore): make it possible to close left pane of split view (#16155) * feat(Explore): make sure Loki labels are up to date (#16131) * build: makes sure grafana.version is available when deploying. * fix: added missing event to function signature Fixes: #16055 * build: refactoring * build: updated build container with support for rpi1. * build: support for publishing armv6. * build: builds armv6 with rpi1 compat gcc. * fix: added target and datasource as isMetric property Fixes: #15862 * chore: Removed implicit anys in react container and test helpers * Pamels: Options are always there * Panels: Support angular -> react migration via PanelMigrationHandler * Panels: Added more tests for change panel plugin * Panels: Refactoring how panel plugins sets hooks and components, #16166 * clarify notifications API docs * remove processTimeSeries * merge master * don't use process timeseries * rename stat to show in UI * use display value in pie chart * keep plugin versions * remove panel plugin setters * renamed float to flot * prevOptions should be optional * moved migration hook to its own function * Minor refactoring of stats picker / shared singlestat code * Makes it possible to navigate back/forward with browser buttons in Explore (#16150) * Moved DisplayValueOptions type back, #16134 * adding check for decimals * add one more test * Graphite: fixed variable quoting when variable value is nummeric, fixes #2078 * Minor refactoring of #16127 * Update provisioning.md * Graphite: Fixed issue with using series ref and series by tag, fixes #15237 * move typings to types, * Link license corrections * remove logging * add stat picker to single stat * removed option to not check strings * drop one level of nesting * cleanup and guess all columns * Small license correction * update cloudwatch metrics/dimensions list * Enable sass theme change in Storybook * replaced rems with pixels or variables * adding test * updating usages in singlestat * Sorting imports * adding function * Use grafana's logger implementation * another change that didn't come with earlier commit * change that didn't come with in last commit * reversed dashboard-padding * Update CloudWatch metrics/dimension list (#16102) * brought back dashboard-padding and panel-padding variables, made dashboard-padding more specific * replaced rem with pixels or variables * fix(prometheus): Change aligment of range queries (#16110) * fix, assign by event.time * Minor refactoring of testdata query order PR #16122 * simplify * deduplicate same value annotation * cleaner version * maintain query order * Remove sleeps in test code by overriding time.Now() * Update PLUGIN_DEV.md * Abstract encrypt/encode and decode/decrypt into their own functions * Rename dispatched commands to make them easy to grok * show all colums in graph * Use structured logging instead of printf * Make all http auth setting labels the same width * Merge with master, and updated logo and name * Rewrote creation of images tag * Added missing commas * Don't include non-existing image in MS Teams alert * cast to column * update table data model * show all columns in singlestats * fix(graphite): nonNegativeDerivative argument hidden if 0, fixes #12488 * Correct table names of sql storage for remotecache * more fixes to snapshot * more fixes to snapshot * Fixed gofmt issue in PR #16093 * removed empty space in snapshot * fix: Update snapshot related to new jest version * fixed snapshot for test * Regenerate lockfile due to the amount of merge conflicts. * removed dashboard variables, removed headings-font-family variable, created theme variables for links and z-index, removed unused class in _panel_editor and _dashboard * Remove commented code * flot pairs * add more functions and tests * Update org_user.go * Minor progress on fixing no-implicit any issues * refactor: merged types and updated references * Remove leftover from first iteration * Only keep certain query params when going to next playlist * Snapshot update * fix: ts issue on SelectOption test * chore: Bump react and react-dom to 16.8.4 * Update latest.json * Update templating.md * chore: cleaning up noimplicit anys in search_srv and tests progress: #14714 * Fix threshold editor color picker not working for custom colors * Updated comments * Updated threshold editor test * Re-render gauge / singlestat panels when changing options * fix: refactored so members are loaded by TeamPages and use hideFromTabs instead of filtering out children in navModel * teams: explains the external property of a team membership. * fix: fixed snapshots and permission select not beeing able to click * fix: new team link goes nowhere for viewers * teams: refactor so that you can only delete teams if you are team admin * permissions: removes global access to bus from MakeUserAdmin. * teams: local access to bus, moving away from dep on global. * teams: better names for api permissions. * teams: refactor. * permissions: refactor. * teams: refactor. * teams: hide tabs settings and groupsync for non team admins * teams: refactored db code. * teams: disable new team button if user is viewer * refactor: moved test from TeamMembers to TeamMemberRow * refactor: splitted TeamMembers to TeamMemberRow * teams: comment explaining input validation * teams: cleanup. * teams: cleanup. * dashboards: simplified code. * teams: disable buttons for team members * teams: moved logic for searchteams to backend * teams: viewers and editors can view teams * teams: editor/viewer team admin cant remove the last admin. * teams: changed permission to permission type instead of int * teams: defaulting invalid permission level to member permission level * team: uses PermissionType instead of int64 for permissions. * teams: editors can't remove the last admin from a team. * teams: tests use the new message for modifying team members. * team: renames teams.CanUpdate teamguardian.CanAdmin * teams: remov permission select for non admin users * docs: First take on describing feature toggle * config: updated feature toggle name * teams: cleanup. * dashboard: only admin permission added to dashboard in folder. * dashboards: better error handling * teams: team listing shows only your teams (editors). * teams: teams guard on all teams update methods. * teams: added delete team guard * teams: removed feature toggle as it is already in middleware * teams: added feature toggle and refactor tests * teams: cleanup. * teams: test refactorings. * teams: bugfix, user pointer. * teams: start of team update guardian for editors * teams: team update test * teams: change back to permissionlevel for Member to 0 * teams: make sure we use TeamPermissionLevel enum * teams: update only the selected user * teams: only write error message if error * teams: enabled so that user can update permission for team members * teams: feature toggle component * teams: test for update team member. * teams: can update team members permission. * teams: basic ui for permission in team members view * teams: editor added as admin for created teams. * teams: editors can work with teams. * teams: show teams and plugins for editors that can own * teams: make test cases pass again * folder: uses service to make user admin of created folder. * permissions: broken out func for making creator admin. * folders: admin for created folders * dashboards: user automatically becomes admin for created dashboards * fix(ci): frontend tests was accidentially commented out * Use SecretFormField in MSSql and Postgres datasources * Add SecretFormField component * Add possibility to pass custom input component to FormField * Allow angular react bridge to use kebab case attribute names * adding story and fixing tests * build: migrates the build container into the main repo. * build: updated deploy container with crcmod. * build: crcmod speedups rsync to gcp for deploy. * Update style_guides/backend.md * remove the error collector * Copied from new timepicker and unified component branch * docs: renamed file and added redux framework file * docs: moved examples to frontend.md * docs: intial draft for frontend review doc * Use ora#fail instead of console.log * reorder imports * test * rename to char * sorting imports * moving * Remove .only function * Add more patterns to no-only-test task * chore: Cleaning up implicit anys in DashboardExporter and tests progress: #14714 * rename reducer to statsCalculator * Great progress on bar gauge look * Explore: Fix log stats for long labels * calculate the column width * disable react table cell measure * dont test exists in the test... it will fail if not found * add random_walk_table scenario * adds backend code style guide * add test file * add startAt to random walk scenario * get values from base options * use singlestat base where appropriate * feature(explore/table): Add tooltips to explore table (#16007) * Update changelog * Bar gauge gradient mode * Bar gauge auto lcd cell count * Add check for Env before log * Update index.md * chore: Cleaning up implicit anys in manage_dashboard.ts and manage_dashboard.test.ts progress: #14714 * chore: Cleaning up implicit anys in app.ts progress: #14714 * panels: fix loading panels with non-array targets (add tests) * changelog: adds note about closing #15836 * set correct return type * panels: fix loading panels with non-array targets (refactor) * Bar gauge styling tweaks * panels: fix loading panels with non-array targets * changelog: adds note about closing #6359 and #15931 * add partial * no inheratance * improve single stat display * revert most options sharing * Refactoring the bar gauge and the orientation modes * add migration tests * renaming function * using refId from panel model * Tooltip: show percent instead of value * Add check so that header is not sent for anonymous users * Update config docs * Add custom header with grafana user and a config switch for it * changelog: adds note about closing #10816 * Right tooltip position * Add "No data points" message * use constants for cache type * makes variables template prettier complient * Make recently used auth_module test more robust by adding another 'log in' * changelog: adds note about #15744 * updates old distcache names * dont allow inifinite expiration * chore: Upgrade all babel related packages that is lagging behind * return error if cache type is invalid * Add more info to victorOps alert notifications * fix: papaparse must have gone missing during rebase * chore: Bump jest to 24 * fix: describe() should not be async * fix: Use proper syntax for plugin-syntax-dynamic-import * fix: Downgrade ts-node to 8.0.2 due to broken theme generation * chore: Bump ora * chore: Bump tslint (again) * chore: Bump axios * chore: Bump npm * chore: Bump glob * fix: Invalid css * chore: Bump clean-webpack-plugin, html-webpack-harddisk-plugin, postcss-reporter * chore: Bump file-loader and css optimizer webpack plugin * chore: Bump css-loader and remove minimize option since its removed in css-loader * chore: Bump npm packages and lock down some versions * chore: Bump mini-css-extract-plugin * chore: Lock down versions of expose-loader and html-loader * chore: Bump fork-ts-checker-webpack-plugin * chore: Prod builds should not cache * chore: Replace Uglify with Terser * chore: Bump webpack, webpack-bundle-analyzer, webpack-cli and webpack-dev-server to latest * reuse more gauge settings in bargauge * set the unit on time data * add error when not found * Added metric math docs * check types better * check types better * docs: Change type of 'tags' in annotationQuery result example to list * single hook * Change import path for social in the tests * Change import path for social since it has moved * generic repeater * generic repeater * Remove todo about index on user_id in user_auth because it exists * Add function in ds_proxy to handle oauthPassThru headers * Remove auth_module settings from oauthPassThru ui * Remove auth module from ds_proxy oauth test * Get most recent oauth token from db, rather than lookup by auth_module * Improve tooltip look * explore/logs: Hide empty duplicates column * merge master * fix for firefox checkboxes not appearing properly, added appearance as none * Always return most recently used auth_module from GetAuthInfo * used regex instead of string replacing * Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680 * Add comments * Add simple test for the ColorPicker * Use render props pattern in color picker * Move ColorPicker trigger to separate component and cleanup css * Improved error handling when rendering dashboard panels, fixes #15913 * fix return type * Only send ci metrics to hosted metrics instance * adding types * Added back branch guard * moved delete button from sidebar to general tab and renamed it * Refactoring the ci metrics a bit more making it easier to re-use * removed unused and very specific variables, also variables with same value as general variable * reduce loglevel to debug * Updated bar gauge snapshot * added some comments about state of components things * better comments * comment cleanup * force circleci to try again * format * touch * touch * make sure the validator is called before setState * API to fix/update properties before load * more tests * more options in storybook * adding simple widget to pick the reducer * heatmap: fix for negative values * Fixed more typescript no implicit any issues * Also push to ci metrics to new shared HM instance * move sort to table processing * Fixed type issues introduced by adding angular types * Typescript noAny fixes, start of a long journey * Updated code stats collection * Updated path to new script * POC on collecting metrics in ci process * changelog: add notes about heatmap issues #15683 #14019 * added two new variables in default theme for panel padding, replaced panelhorizontalpadding and variables.panelverticalpadding with new variables * renamed default variables: s -> sm, m -> md, l -> lg * removed gf-form-margin variable and replaced with space- variables where it was used * add table reducer * heatmap: able to hide buckets with zero value #12080 * s -> sm, m -> md, l -> lg * heatmap: fix prometheus buckets sorting, closes #15637 * s -> sm, m -> md, l -> lg * removed headings-margin-bottom variable * rename to displayValues * remove kbn test * more tests * use new settings * fix tests * make value processing reusable * Call ora instead of instantiating it * Added scopedVars argument in datasourceSrv.get in DataPanel * MutableColumn * cleanup after review * rename handleXXX to onXX events * torkel feedback * onCellClick * heatmap: able to reverse Y buckets order, #15683 * fix(explore/logs) not collapsing whitespace (#15737) * Refactoring of multi-value datasource PR #15812 * fixed minor misstake with dashboard padding * removed -margin, replaced with new general variables * Move oauth token migrations in user_auth_mig * heatmap: fix middle bucket bound for prometheus * Refactoring / fixing password hint PR #15868 * chore: Move sidemenu out of context service and use the logic we have in the router already for hiding the sidemenu * Fix deduplication results displaying wrong data (#15755) * added new space variables to margins in AddPanelWidget, add_data_source, dashboard_settings and sidemenu * use `Get` instead of `Find` * avoid exposing cache client directly * add docs about remote cache settings * renames distcache -> remotecache * renames key to cache_key * build steps for cache servers * code layouts and comments * rename put -> set * reverts package.json I made during the flight >.> * `memcache` -> `memcached` * removes memory as distcache option * test redis and memcached during integration tests * adds config to default settings * avoid exporting test helpers * uses set instead of add for memcache * adds memory as dist storage alt * extract tests into seperate files * avoid exposing internal structs and functions * heatmap: don't display cut cards * heatmap: fix error when series empty * heatmap: middle bucket bound option, #15683 * rotate! * added new variables for spacing, set margins in _cards with new variables * better css * Revert "Fix Datasource Update to no User/Password" * rotate! * fix imageurl in notification test * add comment * attach themes to table story * reuse deprecationWarning * move to string.ts * move stringToJsRegex * get field mapping to actually work * add variable size storybook * cell builder cleanup * minor storybook cleanup * fix typos * autofill space rather than force with/height values * return table directly, not the debug info * Minor fix in values to histogram conversion * Fix histogram x-axis min/max * moved utillities to util * Change xaxis min and max form input types to number * Fix histogram xaxis min/max tests * Optionally set histogram x-axis min/max * table using MultiGrid * cleanup * cleanup * adding toolbar * adding stub table input CSV * docs: Fix indentation level for OAuth2 config * docs: update CONTRIBUTING.md * merge master * docs: update slack alert notification settings * docs: update admin and user http api documentation * feat(api): support list/revoke auth token in admin/current user api * support get user tokens/revoke all user tokens in UserTokenService * @grafana/ui - release docs v1 (#15835) * Minor refactoring of copy tags when saving feature, #15446 * Simple implementation for preserve tags, closes #11627 * Updated prettierignore * Refactoring of PR #14772 * Simple storybook * fix typo in pr template * add nil/length check when delete old login attempts * Minor refactoring of new react text panel * Improve rendering * fix allow anonymous server bind for ldap search * changed all rems to pixels in defaults and template, changed back root font size * piechart -> pieChart * Rename: Piechart -> PieChart * Import only what is used from d3 * less nesting and add test * remove type field and add helper functions to check if data isTableData * add storybook * fixes typo in redis devenv * add support for memcached * add support for redis storage * add garbage collector for database cache * test at interface level instead impl * cache: initial version of db cache * don't include stuff from app/... * fix scss * rename to Table * rename to Table * fix type errors * move to grafana/ui * better sort function * use TableData, not interface * Make password hint configurable from settings/defaults.ini * move toTableData to grafana/ui * don't require x & y columns for timeSeries * use TableData for timeseries in react * Update README.md * heatmap: reduce number of legend segments to reasonable value and round x values to prevent gaps * heatmap: fix legend padding * heatmap: fix legend for small values, #14019 #15683 * status: alpha * changed root font to 100%(default 16px), changed font-size from px to rem, updated rem sizes in template and default.ts files, removed display classes and variables since not used, removed lead class and variables since not usedremoved serif font since not used and probably never should be used * Update core:start cli command to watch theme changes again (#15856) * Updated pull request template * Updated pull request rtemplate * Removed title case from issue template title * Updated issue template titles * Updated issue templates * Updated templates * fix: Update error message and replace npm with yarn #15851 * fix: Make sure we dont add &autofitpanels to the url if it already exists #15849 * fix: Update test snapshot * fix: Logo goes Home instead of toggling side menu #15482 * Update upgrading.md for wrong spell * remove _ * cleanup * use pure component * return the same panelData unless it changes * sortable class * Map dataSourceTypeSearchQuery state from redux to search input. * move rendering to its own file * try virtualized * Initial tooltip * Minor refactoring of PR #15770 * Revert "Fix for leaving playlist mode" * Alternative fix to detecting when to stop a playlist, fixes #15701 and #15702 * fix discord notifier so it doesn't crash when there are no image generated * fix: Consistency in unit labels #15709 * Update latest.json * Run prettier * position from add panel, dimensions from copied panel * Fix donut rendering * Run prettier * Fix pieType change * changelog: add notes about closing #14509 #15179 * Render svg instead of canvas * fix: Add class for input fields with help icon to avoid icon hiding the text #15771 * restore to current folder when restoring old dashboard version * fix(renderer): Vendor ansicolor as typescript * log phantomjs output even if it timeout and include orgId when render alert * keep size from copied panel and not from add panel widget * Added basic cherry pick helping task * Prevent search in VizPicker from stealing focus (#15802) * fix only users that can edit a dashboard should be able to update panel json * Updated changelog task * Fixed image rendering issue for dashboards with auto refresh, casued by missing reloadOnSearch flag on route, fixes #15631 * use props.replaceVariables rather than templateSrv * Updated to add PR author, skip PR issue references * Added first iteration/poc of changelog task * Enable @grafana/ui version bump based on package.json contents * Fixed styling of gicon's in dropdown menus * cleanup plugin versions * use explore icon * fix comments * typescript functions on replace * remove console.log * add ScopedVars to replace function * Make datasource variables multiselect and dashboard repeatable * set height * add test file (ignored) * fix variable name * use typescrit in angular table * use react-table * add a basic alpha react table * Ensure clean master only when publishing package to npm * Remove log * Ensuring master branch when performing release * upgrade xorm packages to latest versions * Expose onQueryChange to angular plugins * docker: update prometheus2 block to version 2.7.2 * use replaceVariables * Add a keybinding that toggles all legends in a dashboard * fix allow anonymous initial bind for ldap search * changelog: adds note for #8253 * prettier * Aftermerge fixes * use default min interval of 1m for sql datasources * changelog: adds note about closing #15608 * Fixed scrollbar not visible due to content being added a bit after mount, fixes #15711 * Added comment to Docker file * moving * style: add gicon-shield to sidemenu class Closes #15591 * remove `UseBool` since we use `AllCols` * fix: Move chunk splitting from prod to common so we get the same files in dev as prod * fix: update datasource in componentDidUpdate Closes #15751 * changelog: add notes about closing #15739 * Moved Server Admin and children to separate menu item on Side Menu (#15592) * update version to 6.1.0-pre * Viewers with viewers_can_edit should be able to access /explore (#15787) * Fixed scrolling issue that caused scroll to be locked to the bottom of a long dashboard, fixes #15712 * reordered import * Wrapperd playlist controls in clickoutsidewrapper * Turn off verbose output from tar extraction when building docker files, fixes #15528 * Hide time info switch when no time options are specified * Made sure that DataSourceOption displays value and fires onChange/onBlur events (#15757) * Updated react select fork to 2.4.1 * utils: show string errors. Fixes #15782 * Update frontend.md * Update frontend.md * Minor refactor of cli tasks (core start, gui publishing) * Fixed url of back button in datasource edit page, when root_url configured (#15759) * use onOptionsChange * use replaceVariables rather than onInterpolate * use updateOptions rather than onChange * changelog: add notes about closing #15650 * changelog: add notes about closing #15765 * fix: Kiosk mode should have &kiosk appended to the url #15765 * changelog: add notes about closing #15077 * org admins should only be able to access org admin pages * only editor/admin should have access to alert list/notifications pages * Added MaximumUsedTransactionIDs metric to list of AWS RDS metrics. * fix: When in tv-mode, autofitpanel should not take space from the navbar #15650 * devenv: fixes incorrect influxdb config. * Fixes #15739 * Don't mutate seriesList parameter in mergeSeriesByTime (#15619) * new stable docs version * Fix: #14706 Incorrect index pattern padding in alerting queries * fix * changelog: adds note about closing #14239 * fix: prevent datasource json data stored as nil (#15508) * changelog: adds note about closing #10506 * changelog: adds note about closing #15651 * Return 404 on user not found (#15606) * Catch bad regex exception at controller level * Prettier fix * Add PiechartOptionsBox * docs: missing field added to example * 11780: invalid reg value can cause unexpected behaviour * Fixed right side scrollbar margin on dashboard page * fix: Return url when query dashboards by tag * Fix prettier * Initial rendering * Add PiechartType enum * Install d3 * Remove extra props * Removed commented code * Fixed alias in Cloudwatch Expressions * Explore: Enable click on name label * Bumping grafana ui version (#15669) * Style and grammar fixes * big text option * Need this to be available for plugins * service: fix for disabled internal metrics. * docs: 6.0 whats new * Toggle stack should trigger a render, not a refresh * Updated latest.json with 6.0 * docs: grafana 6.0 has been released. * moves social package to /login * moves tracing packge into /infra * changelog: adds notes for #14509 and #15179 * graph: fixes click after scroll in series override menu * moves metric package to /infra * Explore: Make sure line graphs get different colors * stackdriver: change reducer mapping for distribution metrics * stackdriver: fix for float64 bounds for distribution metrics * update * style tweaks * Refactoring orientation stuff * Refactoring bar gauge * Refactoring bar gauge * Added missing file * refactoring repeater and code in gauge and bar gauge to reuse more code * docs: link to azure monitor from what's new in v6.0 * Fixed value dropdown not updating when it's current value updates, fixes #15566 * docs: tweaks to AzureMonitor docs * Added feature toggle to defaults.ini and sample.ini after PR comments * Moved variable to config struct after PR comments * Added feature toggle editors_can_own * updates all cols except created so user and password of the database can be chaned to no user and password * Fixed bug with getting teams for user * Improve Loki logs render with ANSI colors (#15558) * grafana/ui 6.0.0-alpha.0 release version bump * removed color in color variables names * changelog: add notes about closing #15303 * changelog: add notes about closing #1441 * update changelog * grafana/ui 1.0.0-alpha.0 release * Update grafana/ui readme * docs: landing page update * Bring back plugins page styles * docs: layout fixes * prettier fix * Make published package public by default * docs: fix link * docs: fix order of datasources in menu/index and update alert support * Fixed prettier issue in color picker * Update docs to match current npm scripts * Added keywords and description go grafana/ui package * Fixed failing tests because of circular dependency * Fix version and name in grafana/ui package.json * Imports updates * Implemented scripts for building and releasing grafana/ui * changed some more color variables to use variables * fixed tests * panel: defensive coding that fixes #15563 * Minor fix/polish to gauge panel and threshold editor * copying options between visualizations * fixed issue in dark sass template * Updated body & page variables to use variables from code theme * updated building from source docs * fixed snapshots failing in master * Synced variable template files * fix: mysql query using __interval_ms variable throws error * Fixed scrollbar issue introduced in theme changes * Fix build * minor touch ups * Fix heading levels in generic-oauth.md * updated colors in light, dark and theme files, in template file basic colors uses variables from dark/light files, also changed to -basic in some files * ValueOptions -> PiechartValueEditor * Make it build * fixes * added orientation option * export PiechartDataPoint from @grafana/ui * change valueOptions * get label and color from series * prettier fix * PieChartDataPoint -> PiechartDataPoint * Rename PieChartPanelEditor to PiechartPanelEditor * docs: adds Azure Monitor docs * Fix blue in dark theme * Readme update * Minor fixes * Review fixes * Fixes after merging #15468 * Pass dashboardModel to PanelCtrl class. Fixes #15541 * Add piechart to builtInPlugins * logo: svg -> png * Remove old overwritten sass vars * first draft of repeater component * docs: howto for recreating our debian repositories. * fix: Filter out values not supported by Explore yet #15281 * Bump Prettier version (#15532) * updated theme variables to master * updated theme template files variables to master * add new issue templates * Fixes #15506 * chore: graph2 panel plugin should use the new ReactPanelPlugin from @grafana/ui * fix: Have the tab param removed from the url when leaving edit mode #15485 * reduce loglevel to debug * Fixes #15505 * fix native annotation filtered by template variable with pipe * Fixed navbar backbutton padding * Updated explore icon and style tweaks Lowered icon size and improved paddings, tried to align placement between dashboard and explore * Display graphite function name editor in a tooltip * Fixing array direction, adding simple render test, fixes #15478 Fixed unit test and updated gauge Added migration for threshold order * changelog: adds note for #15500 * fixed page-header-bg * cli: chmod 755 for backend plugin binaries * reversed most of grays in dark theme * Fixes #15477 * Changed how react panels store their options (#15468) * Remove maxDataPoints and interval props from props to remember in panel model * Fix typo in view mode cykle button * Variables regenerated * Make clear that variable scss files are generated from templates * Fixed spelling issue in templating docs * Removed primary class from Add Query button, and changed name of Panel Options tab o General Options * improved formatting of variable docs * Datasource docs for Loki * Replace require with import in start task * Added enable_gzip documentation (#15322) * Add Lux to units * Fixed issue with PanelHeader and grid-drag-handle class still being applied in fullscreen, fixes #15480 * Began work on handling panel type switching and keep setting * Fixed unit tests * Fixed gauge issue that will require migration later and also value options editor did not handle null decimals or 0 decimals * Added missing Gauge props * Bar gauge icon updated * Added bar gauge icon * Began work on adding options * Added basic tests * bar-gauge storybook * Began experimenting with a bar gauge * Also remove nested options prop that was there due to bug * Moved gauge value options into a sub oject and made editor more generic, will be moved out of gauge pane later and shared between singlestat, gauge, bargauge, honecomb * Added a ReactPanelPlugin as the interface that react panels export, this way react panels have clearer api, and gives us hooks to handle migrations and a way for panel to handle panel changes in the future * Changed how react panels store their options * Fixed prettier issue (#15471) * Initial commit * Added bar gauge icon * Began work on adding options * Added basic tests * run db tests in all packages * bar-gauge storybook * new dark-3 became new dark-2, created new lighter dark-3, changed panel-bg, empty-cta etc to dark-2 * Began experimenting with a bar gauge * docs: suggested changes * docs: fix header * fixed handling of alert urls with true flags, fixes #15454 * Fixed dashboard navbar buttons being visible in fullscreen, fixes #15450 * Added missing strict type checking options to grafana/ui and fixed type errors * Extracted common code for diff calculation * fix spelling error * whats new: rename security section * Fix percent_diff calculation when points are nulls * Restored loading spinner to DataPanel * rearrange bullet points in PR template * added another error message scenario * link to contributing guidelines in pr template * Fixes to error handling and clearing, also publishing of legacy events so old query editors work with react panels fully * contributing: adds link to help wanted label * contributing: adds link to our CLA * removes testing instruction from contributing doc * docs: move alerting above session * docs: mention samesite setting * increased blue in dark-1-5, dark-3 and dark-4 * docs: adds note about new login cookie name * changed color for blue light in light theme + small changes in naming etc * Add missing nodemon dependency * make bug/feature titles more verbose * mentioned closes/fixes for new features * docs: improve removal of session storage for what's new in v6.0 * docs: add upgrade notes for v6.0 * docs: add note regarding auth proxy and user session requirement * docs: fix typo * removed more unused variables, restyled scrollbar * allow 90 percent of alertTimeout for rendering to complete vs 50 percent * Fixed issue with sass variables used from typescript, the prettier lowercases export variables * using error callback from datapanel instead * docs: add availability note regarding non-compliant providers * Fixed sass vars template files * Added deprecation warning to npm watch script - use start script instead * added new dark variable to dark theme(the color used for page-bg), changed some backgroud colors that doesn't use variables to use variables, made some slight tweaks to dark variables, fixed so item hover is the same as card hover * Simple CLI for running grafana in dev env * Added common theme variabless generation, created GrafanaThemeCommons interface * contributing: improve guide for bug fixes * Changed devenv default data source to testdata * added support for influxdb non_negative_difference function in tsdb * added support for influxdb non_negative_difference function in tsdb for alerting * Remove precommit from npm scrips * More files that has fixed with prettier * Added prettierignore and check script * devenv: use grafana:dev image in ha test per default * devenv: send nginx logs to loki in ha test * devenv: proper fluentd conf for grafana and loki * devenv: use grafana/fluent-plugin-loki * devenv: trying to make fluentd with inoffical fluent-plugin-loki work * fixed issue with updatePopperPosition * Prettier had not been running as a precommit hook for some time so had to run in on all files again * removed _plugins.scss and _settings_permissions.scc, removed unused classes in _login.scss, reduced dark variabels in light theme and alignied light theme a bit with dark theme, turned blue-gray, dark-3 and panel-bg variables into one variable and removed gray-7 in dark theme * feat: Add EmptySearchResult ui component and use it in VizTypePicker * Revert "feat: Add css-support for invalid form input elements" * Revert "feat: Highlight vizpicker input when there are no panels matching the search query" * Regenerating variabless sas on theme edit v1 * Fixed a minor plugin json lingering issue * Removed some icons in action button Trying to align some title case issues * implement show error in panelcorner * Forgot about the snapshots * Renamed to FilterInput and added label and search icon * feat: Highlight vizpicker input when there are no panels matching the search query * Updated a few plugin json files with dataFormats * feat: Add css-support for invalid form input elements * remove comments * bubble error from datapanel to panelchrome * Changed noQueries to a dataFormats array that will allow a panel to define supported formats and prefered (first in array) * use authtoken for session quota restrictions * Fixed issues with double page body and husky pre-commit hook * fix: No need to have edit permissions to be able to "Save as" a dashboard * Revert "chore: wip: Replace brace with ace-builds to get latest version of ace" * chore: wip: Replace brace with ace-builds to get latest version of ace * fix: Error tooltip should have white text on red background. Not red text on red background * Move explore selectors to a separate file * removes unused session code * chore: Rename renderPanel to renderPanelBody * chore: Rename renderDataPanel to renderPanel * chore: Rename renderHelper > renderDataPanel and move logic to smaller functions * chore: PR feedback, shorten boolean check * chore: Rename isDataPanel to noQueries * chore: Only show Queries tab for panel plugins with isDataPanel set to true * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * Fixes #15372 with number input and parseFloat * Revert "hard move" * chore: PR feedback, shorten boolean check * chore: Rename isDataPanel to noQueries * Merge with master * Found another input that was tied to a regexp * Fixes bug #12972 with a new type of input that escapes and unescapes special regexp characters * enable testing provsioned datasources * Fixed elastic5 docker compose block * Added one more test case for color resolving helper * Fix error caused by named colors that are not part of named colors palette * Fixed issue with gauge requests being cancelled * Update package.json * changelog: adds note for #15363 * Move deduplication calculation from Logs component to redux selector * style tweak to alert * Removed plus icons * hard move * restoring green CTA * Removed double page container * chore: Only show Queries tab for panel plugins with isDataPanel set to true * Removing default thresholds values. * adds edition to build_info metric * Updated lint-staged * changelog: adds note for #14623 * Fixed double page class on api keys and org details page * Color tweaks * azuremonitor: don't use make for maps and array * changed back to old green in light theme * changelog: add notes about closing #15258 * changelog: add notes about closing #15223 * changelog: add notes about closing #15222 * changelog: add notes about closing #15122 * changelog: add notes about closing #15219 * changelog: add notes about closing #14432 * update changelog * changelog: adds note for #15131 * changelog: add notes about closing #15284 * Fixed issue with light theme introduced by #15333 * devenv test dashboard * minor style update * revert ds_proxy timeout and implement dataproxy timeout correctly * changelog: adds note about closing #15295 * azuremonitor: fix auto interval calculation on backend * Minor style fixes * Remove not related code * make sure opentsdb takes dashboard timezone into consideration * make sure influx takes dashboard timezone into consideration * Do not read store state from toggle panelaction creator * make sure graphite takes dashboard timezone into consideration * Review changes * return series label if selected stat is name * Fix plugin loading failure message not being displayed * fixes invalid folder check * extract notifiers folder creation to new if statement * interval: make the FormatDuration function public * Fixed missing time axis on graph due to width not being passed * make sure notifiers dir exists for provisioning in docker * should be able to navigate to folder with only uid * renames usage state name for auth token * Clear visualization picker search on picker close * Update README.md * changelog: adds note about closing #15288 * v1 * removed extra semi-colon * Commented out the Loki dashboard query editor * added old green to dark-theme * Fixed issue with logs graph not showing level names * set secondary to new blue * removed unused directive * Fixed issue where double clicking on back button closes sidemenu * changelog: add notes about closing #8570 * update changelog * changelog: add notes about closing #14233 * changelog: add notes about closing #15189 * changelog: add notes about closing #13324 * azuremonitor: small refactoring * azuremonitor: handles timegrain set to auto on backend * Navbar back button, no title edit this time * provide time range to angular query controllers * azuremonitor: add test for dimension filter * azuremonitor: refactor azure monitor api code into own file * azuremonitor: handle multi-dimensions on backend * use timeSrv in metricFindQuery as timeRange * remove unnecessary spy * azuremonitor: add support for aggregations on backend * Fix formatting * Add aws ec2 api metrics for cloudwatch * Improve usability showing disabled lines in forms * Fixed issues with plus button in threshold and panel option header, and current state in viz picker, fixes #15329 * support three letter hex color strings * azuremonitor: simple alerting for Azure Monitor API * use unique datasource id when registering mysql tls config * azuremonitor: builds a query and sends it to Azure on the backend * mark packages as Apache license * Minor refactoring around theme access * Use TS instead of JS to store theme variables at next * Do not use js theme variables in sass (poor dev experience for now) * Update config mock in metrics panel controller test * ldap: refactoring. * ldap: fixes #14432. Fix for IPA v4.6.4 * ldap: adds docker block for freeipa * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * slight tweaks * fixed explore width-0 issue, fixes #15304 * Persis deduplication strategy in url * Support ANSI colors codes in Loki logs * adds usage stats for sessions * Panel edit navbar poc * make sure to create provisioning/notifiers directory for deb and rpm packages * log root cause error when reading from provisioning directories * moves usage stats sender to new package * changelog: add notes about closing #15291 * Removed unnecessary code from ColorPicker and extended theme type * Selecting theme variable variant helper function * added reducers tests * update docs * added way to test action called from react component * Added annother initDashboard test * removes cleanup setting from docs * make hourly cleanup the default behavior * fix single gauge * removed direction and series mode options, cleaned up the code somewhat * Simplified condition * support json format templating * support /api/v1/labels * devenv: update ha test and load test * run token cleanup job when grafana starts, then each hour * Added another error object message detection * Fixed some remaining issues * Improved dashboard page test * Improved dashboard page test * Big refactoring for dashboard init redux actions * Fix SemVersion.isGtOrEq * making changes suggested in review and improving typings * fix * show timeseries label under gauge * Minor cleanup * Added test for SASS variable retrieval function from JS definition * Updated stories to use new theming * move authtoken package into auth package * vertical and horizontal, removed mode option * move UserToken and UserTokenService to models package * Add failing test * Rename version_test to version.test * change UserToken from interface to struct * replaced some hex values with variables * some changes i forgot to save in first push in variables.dark * removed trailing whitespace * removed unused theme variables, removed empty sections, aligned the order of sections in the files * combine mode with avg value * Fix issue with graph legend color picker disapearing on color selection * changelog: add notes about closing #12546 * Added a basic test for initDashboard thunk * docs: update annotaions http api * azuremonitor: improve autocomplete UX * Added DashboardPage tests that tests view mode transition logic * azuremonitor: fix autocomplete menu height * Revert "chore: Replace sizeMe with AutoSizer in DashboardGrid" * Revert "chore: Remove react-sizeme" * fix spelling * wip: tests * middleware fix * enhanced expiration logic for lookup token * changelog: add notes about closing #15265 * Address review comments * auth token clean up job now runs on schedule and deletes all expired tokens * changes needed for api/middleware due to configuration settings * change configuration settings in auth package * document login, short-lived tokens and secure cookie configurations * refactor login/auth token configuration settings * remove unused code * Added ServerlessDatabaseCapacity metric to list of AWS RDS metrics. * changelog: add notes about closing #8207 * Minor code simplification * Delete template.html * cloudwatch: Add tests for resource_arn template query * cloudwatch: Add resource_arns template query function Implements feature request #8207 * update to aws-sdk-go v1.16.15 * Updated add panel related flows * Update types and themes usage in components * Implemented theme context and renamed/moved theme related types * refactor panel * changelog: adds note for #15182 * Breaking init dashboard up in to fetch & init * stackdriver: fixes #15182 * Closing timepicker when clicking outside the picker * Optimized so we only do checks when dropdown is opened * stackdriver: add some more typings * Fixed so that we close angular TimePicker when user clicks outside the dropdown * Moved remove panel logic to dashboard srv * first working draft * Removed unused controllers and services * Improved error handling * fix: Update snapshot * chore: Explore: Remove inner AutoSizer, spread the size-object to width/height, change height type to number * chore: Remove react-sizeme * fix: Calculation issue with AutoSizer in explore * chore: Replace withSize with AutoSizer in explore/Graph.tsx * chore: Replace sizeMe with AutoSizer in DashboardGrid * Prevent viewers from going into edit mode * Expand rows for panels in collapsed rows * Basic loading state for slow dashboards * Fixes #15223 by handling onPaste event because of bug in Slate * Fixed add panel should scroll to top * minor layout change, simple render test * azuremonitor: improve autocomplete experence * docs: fixes #14940 * Added custom scrollbar and remember scroll pos to jump back to same scroll pos when going back to dashboard from edit mode * created new color variables, changed primary to blue, changed success-btns to primary-btns. * azuremonitor: more autocomplete suggestions for built-in functions * Updated playlist test * added missing typing to explore props * added comment to initDashboard * improve the stackdriver logo * Fixed so onBlur event trigger an QueryChange and QueryExecute if values differ * Renamed initialQueries to queries * Added PATCH verb end point for annotation op * move auth token middleware/hooks to middleware package * auth package refactoring * render after leaving fullscreen * added flags to vizpicker from query param * Added playlist controls to new react DashNav * Fixed lots of loading flow issues and updated solo route page * Set page title on dashboard load * now /api/login/ping returns Response * Added handling of kiosk mode * WIP Enable js defined theme to be used in SASS * fix: Explore: Query wrapping on long queries #15222 * azuremonitor: fix where suggestions * prepping go to visualization * azuremonitor: use kusto editor for App Insights * basic layout * fixed unit test * Made dashboard view state srv panel view state obsolete * fix: Set ace editor min height to avoid problem with scrollbar overlapping ace content #15122 * Missed to save * fix: Data source picker in panel queries options should overlap content below, including ace scrollbar #15122 * Fixed handling of orgId * Fixed template variable value changed handling * Fixed bug with removing a QueryRow thats not part of nextQueries * Now handles all dashbord routes * Replaced intialQueris with queryKeys * fix util for splitting host and port * azuremonitor: where clause autocomplete * azuremonitor: don't go back to dashboard if escape pressed in the editor * azuremonitor: suggest tables initially * azuremonitor: add more builtin functions and operators * Reverted redux-logger * Added more typings * added submenu, made sure submenu visibility is always up to date * changelog: add notes about closing #14231 * Removed modifiedQueries from state * fixing logging action * devenv: switching back using loki master plus various fixes * Fix save provisioned dashboard modal * Merge with master * Refactor of action, actionTypes and reducer * More types and some refactoring * Alignment of interfaces and components * Removed the on every key change event * Add AWS/Neptune to metricsMap and dimensionsMap * added time picker * refactorings and cleanup * mssql: pass timerange for template variable queries * improving dash nav react comp * fixed panel removal * Added more buttons in dashboard nav * wip: progress * Url state -> dashboard model state sync starting to work * Dashboard settings starting to work * wip: dashboard in react starting to work * wip: minor progress * wip: dashboard react * base64 encode encrypted oauth token fields * Add string quote func * Remove option used to control within browser * Remove length from text columns * Add oauth pass-thru option for datasources * did not add file, removing centerered * Legend toggle should only trigger a re-render, not a refresh * first stuff * updated snapshot * Adding pointer to colorpicker * Minor post review changes * More style tweaks to panel option group add button * Made some style tweaks * setting margin on label * Make runQueries action independent from datasource loading * fixing test * add button in header * minor fix * Made really good progress on loki support in dashboards * Temporarily run queries independently from UI state of explore panels * Remove extra newline * Clearify the Run from master instructions * Use slate-plugins from app/features/explore * Remove newline && runner plugins * Move prism to app/features/explore * Restoring explore panels state from URL * Remove version.ts * introduce samesite setting for login cookie * sending paneldata to component, gauge can handle table data * always delete session cookie even if db delete fails * New solo panel route working in all scenarios I can test * Removed unused factory and fixed index based mapper lookup * Fixed dashboard row title not updating when variable changed, fixes #15133 * Removed comment from panel editor * signout user if /api/login/ping returns 401 unauthorized * must return json response from /api/login/ping * adds more tests signing out session * changes some info logging to debug * wip * tailing grafana logs and temporaily using an older build * add missing ngInject annotation * renames signout function * delete auth token on signout * typing data * changelog: adds note about closing #10780 * Do not render time region line or fill if colors not provided * Fixed row options html template location, fixes #15157 * creating table data type * wip: New react container route for solo panels that supports both angular and react panels * build: enterprise release co project. * Fixed another type of fluent reducerFactory * Moved dashboard state components to state folder * Moved time_srv to services folder, this should not belong to dashboard feature but it is too dependant on dashboard to move it out now, needs a bigger refactoring to isolate from dashboard * Moved a few things around * Removed then clauses, no need to test the test within the test * Updated what's new article * Added reducerTester, reducer tests and tests * Removed ActionTypes and fixed a noPayloadActionCreatorFactory * Replace usages of kbn.valueFormats with ui/getValueFormat * Refactored Datasources as POC * Fix anchor * Added download links to docs * Updated docs * Updated version again * Updated version and made some changes to changelog and what's new article * docs: Added version notice for time range variables * Added loki video * spell fixes * chore: Add typings for react-grid-layout and react-virtualized * fix: Don't open panel menu when dragging (react-)panel in dashboard #14946 * chore: Add missing typings in PanelResizer * chore: Fix typings and remove bindings for arrow functions in DashboardGrid * Updated explore section again * Updated explore section * fixe merge issue * updated what's new article * adjusting types to match * Add storybook script to run it from root dir * Minor change to Action interfaces * Simplified inteface for reducerFactory * Fixed a small bug and added case sensitivity * docs: whats new tweaks * Added reducerFactory and tests * Minor updates to text and image placements * docs: add video link to what's new * whats new: note about session storage * first implementation * Added actionCreatorFactory and tests * whats new: provisioning for alert notifiers * Rename SetInitialQueries action to QueriesImported * Add missing code * changelog: adds note for #15129 * docs: update to what's new * docs: wip - what's new for 6.0 * Minor style fix to button group * Fixed failing unit test * Added basic docs * Minor refactoring and adding some typing * changelog: add notes about closing #14709 * fixed sqlite issue introduced by #14709 * Change primaryAggregation to crossSeriesReducer in Stackdriver * update changelog * changelog: add notes about closing #12764 * fix: Remove legacy title-prop and update document.title when navModel is changed #15108 * Explore: query field should not propagate non-text change * Wait for queries to be imported before proceeding with datasource change * removing alpha * Remove commented code * Tweaked panel option group styles * Import queries before datasource is changed * fixed prettier on switch component * adding from and to built in variables * azuremonitor: adds macros to slate intellisense * Fixed issue with explore changeTime redux action not being hooked up, fixes #15115 * Fixed explore query editor styling issues * azuremonitor: remove wrong completions * azuremonitor: autocomplete on enter * Progress on tooltip style update * azuremonitor: fix tests * devenv: loki provisioned datasource * azuremonitor: revert "memory for webpack build" * Azure Monitor: replace monaco by slate with initial Kusto syntax * docker: block for loki * Make language provider cancelable in Loki and Prometheus QueryField, to avoid setting state on unmounted component * Add util for handling promise cancelation to avoid setting state on unmounted components * stackdriver: remove beta notice from config page * increasing font size on longer strings * magic number solution * Propagate event to onChange prop in Switch component * two minor bug fixes introduced in recent refactorings * Minor progress on react query editor support, solving updating query persisted state * did some styling changes * Updated Explore query styles to align them to other query editor to make them fit in better * chore: Fix typings and add Page-component to FolderPermissions #14762 * chore: Fix typings and add Page-component to ServerStats #14762 * chore: Fix typings and add Page-component to AlertRuleList #14762 * chore: Fix typings and add Page-component to DataSourceDashboards #14762 * fix: Add plugins to StoreState interface * chore: Fix typings and add Page-component to NewDataSourcePage #14762 * chore: Fix typings and add Page-component to DataSourceSettingsPage #14762 * chore: Fix typings and add Page-component to FolderSettingsPage #14762 * test: Updated snapshot * chore: Fix typings and add Page-component to TeamPages #14762 * fix: Add pageName default to avoid "Loading undefined..." * changelog: adds note about closing #10487 * pkg/util/{filepath.go,shortid_generator.go}: Fix golint issues * pkg/util/{ip.go,url.go}: Fix some golint issues * pkg/util/*: Add missing function comments. * docs: updates docs to refer to using uid * azuremonitor: increase memory for webpack build * gofmt issue * moves test files into testdata folder * renames alert_notifications -> notifiers * changelog: add notes about closing #14711 * update inline documentation * extract parsing of datasource tls config to method * extract tls auth settings directive from datasource http settings directive * changelog: add notes about closing #13711 * changelog: add notes about closing #5699 * Fix for annotations not clearing when switching dashboards, fixes #15063 * Import fix * build: ignore latest * Spelling/grammar fixes in top level markdown files * build: publishes armv6 to grafana.com. * Removed the initial data source as I could not see it being used anywhere * Initialize named colors palete lazily * Fix thresholds default colors not being applied * removes unnessecary db request * Making sure we do not pass a long invalid queries and save to state * single import for types from @grafana/ui * tab/spaces formatting * Revert "Updated home dashboard, removed home dashboard header" * Fixed wrong line in test * Made sure we only resetTypeahead if mounted * Delayed explore query loading indicator and implemented minor ux improvements to it * fixing test * support both uid and id for showing/removing notifiers * Revert "Use the same panel loading indicator in explore as on dashboard's panel" * Firing off an action instead of listening to location changes * Handle undefined graph and table results * enable explore by default * Use the same panel loading indicator in explore as on dashboard's panel * Prevents query result cleaning when new query trransaction starts * Changes after PR Comments * Made ExplorerToolbar connected and refactored away responsabilities from Explore * Removed some split complexity * Fixed some more styling * Fixed close split look and feel * Fixed position of Closesplit * Fixed small issue with TimePicker dropdown position * Simplified some styles and dom elements * Fixed some more with the sidemenu open and smaller screens * Fixed so heading looks good with closed sidemenu * Restructure of component and styling * Refactored out ExploreToolbar from Explore * updating state if no panel * updated the color palette * Fixed reinitialise of Explore * changelog: add notes about closing #13929 * changelog: add notes about closing #14558 * changelog: add notes about closing #14484 * changelog: add notes about closing #13765 * changelog: add notes about closing #11503 * changelog: add notes about closing #4075 * changelog: add notes about closing #14722 * update changelog * changelog: add notes about closing #10322 * changelog: add notes about closing #12991 * update changelog * Update datasource before the loading has started * Add cursor pointer to color swatches * Fixed import path * changelog: adds note about closing #14701 * upgrade golang to 1.11.5 * moves timeout tests to an integration test * Moving a few things from dashboard folder * Correct formatting of sqlstore_test.go * pkg/services/dashboards/dashboard_service.go: simplify return * Updated url query param encoding to exctly match angular encoding * Updated snapshot * Added missing props not being passed to scrollbar component, fixes #15058 * Parse database host correctly when using IPv6 * Document /api/health * some working solution, needs refactor * changelog: adds note for #15062 * Do not update color picker popover position on tab change * change default rotate_token_minutes to 10 minutes * Rename deprecation warning helper * Implemented tests for ColorPickerPopover and NamedColorsPalette * fix * load test/ha fixes * set low login cookie rotate time in ha mode * Fix light theme issues with named colors disabled * Stories cleanup * fix multiple piechart instances bug * scripts/build/*: Fix some golint issues * scripts/build/*: Fix golint issues Url => URL * build: fixes building grafana completely within docker. * dont specify domain for auth cookies * monaco-kusto: fix imports * use @alexanderzobnin/monaco-kusto package for kusto syntax highlight * New snapshot reflecting changes * Makes the clickable side menu header look great in light theme again * org id fix for load test * user auth token load tests using k6.io * add global datasource proxy timeout setting * moves cookie https setting to [security] * Azure Monitor: build monaco with webpack WIP * Use Switch to control y-axis in series color picker * Move Switch component to grafana-ui * improves readability of loginping handler * Bug Fix #14961 * minor styling changes to gaps, font-size and width * makes sure rotation is always higher than urgent rotation * use defer to make sure we always release session data * Enable custom picers on color color picker popovers (for y-axis support in legend picker) * feat: Use CustomScrollbar in explore #14752 * chore: Better comment * chore: Remove comment and unneeded export * fix: Enable -webkit-scrollbar related css when there's no overlay scrollbar #14807 * fixes broken test * Make series overrides color picker display correctly * removes unused/commented code * removes old cookie auth configuration * makes auth token rotation time configurable * Update story for NamedColorsPalette * Update imports of NamedColorsPalette * Restore missing styles * Fixed issue with color name retrieval not being aware of current theme * Fixed dashboard import issue after move * Moved add panel panel and renamed it to add panel widget * Fixed react key warning for loki start page * Moved row options to it's own component folder * Removed old query inspector (that was opened by clickin error in panel title) think the new query insector from Queries tab can replace this old one. * Moving files to better locations * Disable query should trigger refresh * added docs entry for check_for_updates config flag, fixes ##14940 * Loki query editor is starting to work, had to make changes to explore query field in order to update query from the outside without unmount between * store oauth login error messages in an encrypted cookie * Removed sass import of spectrum.scss * replaced palette colors with current palette adjusted for dark and light theme * Remove spectrum.js vendor dependency from grafana/ui * changed light-theme tool-tip to be a bit lighter, trying different paddings * Fix hide timeout for color picker * Rename colorsPalette util to namedColorsPalette * Make small swatches react to theme changes * redirect logged in users from /login to home * Explore: Fix scanning for logs * Update styles of selected named color swatch * restrict session usage to auth_proxy * Implement pointer component for spectrum palette sliders * minor updates * Make default color picker close on trigger mouse leave * Moved ad hoc filters and upload directive * Added deprecation warning to old color picker API props. Moved named color support handling to color popovers * changed color for label tooltips from blue/red-yellow gradient to black/white * Moved dashboard srv and snapshot ctrl * Moved share modal * Moved dashboard save modals to components folder * Moved unsaved changes service and modal * Removed unused alertingSrv * Moved view state srv to services * Moved timepicker to components * Moved submenu into components dir * Moved dashboard settings to components * Moved dashboard permissions into components dir * Moved history component, added start draft of frontend code style guide * fix: Use custom whitelist for XSS sanitizer to allow class and style attributes * Reduce padding in color picker popover * Began work on improving structure and organization of components under features/dashboard, #14062 * Fix a typo in changelog * Implemented new spectrum palette * Update ROADMAP.md * use resetfolder instead so it shows current folder * Updated home dashboard, removed home dashboard header * fixes nil ref in tests * add setting for how to long we should keep expired tokens * stores hashed state code in cookie * creates new config section for login settings * based on encodeURIComponent() using strict RFC 3986 sub-delims * fix: Dispatch the correct action (#14985) * passing middleware tests * Stories update for color picker * Make named colors optional in color picker, enable named colors in graph legend series picker * Storybook - add actions addon * fixes:#14282 - Do not change folder for persisted dashboards * extract auth token interface and remove auth token from context * Fixed issues with the sanitizie input in text panels, added docs, renamed config option * build: removes arm32v6 docker image. * Updated version in package.json to 6.0.0-pre1 * build: armv6 docker image. * build: skips building rpm for armv6. * build: builds for armv6. * CustomScrollbar - expose underlying's react-custom-scrollbars API to allow scroll tracks config. * Explore: mini styling fix for angular query editors * Removed unused props & state in PromQueryField * chore: Remove logging and use the updated config param * chore: Reverse sanitize variable so it defaults to false * feat: wip: Sanitize user input on text panel * fix: Text panel should re-render when panel mode is changed #14922 * Minor rename of LogsProps and LogsState * Splitted up LogLabels into LogLabelStats and LogLabel * Make popover hide delay configurable to enable better UX * Stories - fix import * Enable new color picker in Gauge and Thresholds editor, use ThemeProvider instead of ContextSrv * Updated table tests to new behavior for colors (values are always rendered as hex/rgb) * Make named colors usable in angular code pt 1 * Story updates * Update grafana/ui exports * Refactor color picker to remove code duplicartion (introduced colorPickerFactory). Allow popver position update on content change * Fix lint * Updated stories * Rendering arrows for color picker, applying color changes to time series * Fix TS errors * Stories updates * Unified color picker API, allowed for color specified for theme selection, updated code to changes in PopperController API * Get rid of unused renderContent prop on PopperController * Enabled knobs for storybook and implemented some stories * Lint fix * Render series color picker with correct theme * Added config provider to be able to access config easily from react components * Migrating color pickers to Popper from drop.js pt1 * Updates to Popper to be positions correctly within window * Move tooltip themes to Tooltip component making Popper/PopperController theme agnostic * WIP Basics of named color picker * Refactored out LogRow to a separate file * Removed strange edit * Added link to side menu header and fixed styling * Moved ValueMapping logic and tests to separate files * more auth token tests * Fixed data source selection in explore * Added refId to missing queries on panel model init * adds cleanup job for old session tokens * Fixed loading of default query editor * Changed null logic for range value mappings after PR comments * fix tests after renaming now * Added check for null value in ValueMappings and added tests * s/print/log * avoid calling now() multiple times * passing auth token tests * fixed trailing whitespace * handle expired tokens * fixed circleci script run path for gometalinter * Fixed circleci name for gometalinter exec step * moved script and added exit_if_fail * Moved gometalinter to a script instead of seperate commands in circleci file, removed megacheck and added staticcheck * set userToken on request when logging in * moves initWithToken to auth package * set cookie name from configuration * Added function hasAccessToExplore in ContextSrv and refactored tests * change rotate time * mixor fixes * dead code * fix ip address parsing of loopback address * removes commented code * moves rotation into auth since both happens before c.Next() * fix: Viewers can edit means that viewers have acces to Explore #14281 * Add loop counter for full refresh in playlist * decreased panel height in edit mode * toggle collapse when clicking on collapse state text * Query editor row style update & sass cleanup * Delete .all.ts at neomake_22624_74.ts * Further refinements of typings * more typings work around data query and data source * wip: progress on adding query types * wip: more typings * wip: typings * Revert "Specify expected encoding for access/secret key" * Moved add query button to the right * Updated removing notification channel by uid * Check that alert notification with id already exists in notification settings * change enabled to true * Fixed scrollbar issue where it jumped to the top * Added test case dashboard * fix: Hack for getting the same height in splitted view, view could use refactor IMHO #14853 * Minor refactoring and name changes * Fixed issue with explore angular query editor support introduced by recent angular query editor changes * Redid logic for fontcolor and thresholds in Gauge and added tests * Make sure we do not change -Infinity * Passed the theme to Gauge * Added tests for formatted value * Small refactor of Gauge and tests * Added typings and refactored valuemappings code * Moved Gauge to ui/components * Preparing move to ui/viz * Fixed getFontColor, added tests and fixed thresholds logic * Removed baseColor * add timeout test for alert handling. * remove maxage from session token * fix broken code * fix cannot set cookie when response is written * began work on react query editor props and integration * Added data source type to explore state * updated snapshot * renaming DataSource type to DataSourceSettings and moved to grafana ui * Fixed issue with team and user picker, fixes #14935 * Moved data source and data query types * Moved plugin types to @grafana/ui * log fix * inital code for rotate * wip: moved plugin exports * build: usage instruction for repo test. * build: comments * Minor fix scrollpos when duplicating * build: updates ci deploy. * build: fixes the path for gsutil and gcloud. * build: fixes permissions issue. * removed unused props from angular query component interface * Additional query editor row tweaks * Query editor row in react is working * shortening callback functions * Explore: Fix datasource selector being empty with single datasource * Scroll to top when visualization picker is opened * Made scrollbar have scrollTop and setScrollTop props so we can control scroll position * build: only build amd64 for enterprise. * azuremonitor: guard for when switching from monaco editor * azuremonitor: move files into grafana * Query editor row react progress, buttons working * build: test script for rpm repo. * chore: Replace the deprecated SFC with FC * chore: Wrap footer with React's memo hoc * chore: Reduce code duplication by letting the page component adding the header and taking care of the page title * mini stylefix to select component * cloudwatch.md - quick typo fix * removing Label and going with FormLabel * Use light theme in storybook * Toggle edit mode works * login users based on token cookie * test: Update snapshots and mocks * build: deb repo update test usage instructions. * fix: Use Page component on "Api Keys" and "Preferences" under Configuration * build: uploads binaries before metadata in deb repo. * feat: Generate page titles from navModel * test: Updated snapshots * chore: Better way of getting the body node * chore: Reactify footer * fix: Add Pages component to Plugins and TeamList * fix: Configuration: Users should also use the Page component * feat: Possibility to change document title on pages using the Page component * fix: Add CustomScroller on DataSources page * fix: Proper types for linter * test: Snapshot update * fix: Fix import path after Scrollbar move to @grafana/ui * POC of page layout component * Added uid to AlertNotification json * Converted notification id to uid via fmt for old alert notification settings * Returned id for alert notifications which were created without uid * Formatted errors to err * Using func InitNotifier for verifying notification settings * Added uid for alert notifications * Renamed validation funcs for alert notification * Commented alert_notifications sample config * Instantiating notifiers from config before using * Added parameter org_name of alert notification to documentation * Added orgName parameter for alert_notifications * Added alert_notification configuration * redoing input props * another minor style change * More style tweaks to thresholds * fix: Manually trigger a change-event when autofill is used in webkit-browsers #12133 * move styling * renaming after pr feedback * minor style change * wip: testing new query editor row design * Removed snapshot * Refactored ValueMappings * Moved ValueMappings to grafana/ui/component and renamed it ValueMappingsEditor * Moved Label to grafana/ui/components * build: repo update testable and more robus. * Experimenting with generating doc for ui component * Move action properties to payload * Fixed small bug with entries outside the min max values * Fixed NaN issue when parsing * Remove BasicGaugeColor from state * Fixed so that we can not change base threshold * Fixed so added threshold colors are always unique * Fixed issue with changing value not changing index * Fixed styling for small screens * Reordered the input row * Fixed the circle * Fixed styling * Refactored logic in ThresholdEditor * File organization, action naming, comments * Fix reducer issues * Connect Explore child components to store * Update comments * Move types to types/explore * Save state in URL and fix tests * Allow multiple Explore items for split * WIP Explore redux migration * Fixed a bug with prefix and suffix not showing when using value mappings * fixing imports, minor fix on mapping row * test and minor fix on mapping row * updated snapshot * Added suffix interpolation * Scrollbar select fix * Remove duplicated import * Initial commit * changelog: adds note for #14795 * Move ColorPicker leftovers to @grafana/ui * inject login/logout hooks * begin user auth token implementation * utils * fix: It should be possible to scroll in the unit picker before selecting a value #14871 * fix go fmt * [Feature request] MySQL SSL CA in datasource connector https://github.com/grafana/grafana/issues/8570 * removes debug2 logging * removes error2 logger * WIP: good progress on react query editor support * Updates to latest checking. * 5.4.3 changelog * changelog: adds ntoe about closing #12864 * fix that alert context and result handle context do not use the same derived context. * docs: add a title to the Explore docs * stackdriver: converts some variables from any to types * FormGroup component and implements * Restored http settings directive that was hidden in an unused angular controller page * stackdriver: small fixes after reactifying * changelog * stackdriver: add help text for bucket alias * Prometheus: Fix annotation step calculation * stackdriver: fixes space before caret icon in query editor * Fixed Syntax for folder permission's JSON * avoid infinite loop in the dashboard provisioner * build: fixes release problems. * changelog: add notes about closing #5968 * wip: another wip commit * Moved panel editing components to it's own folder * removed old unused angular stuff, rename * wip: react query editors * Move panel width/height calculation to PanelChrome * Updated singlestat to use new value format function syntax and capitalized unit categories, fixes #12871 * build: build specific enterprise version when releasing. * Fixed Gauge being cropped when resizing panel * units: adds back velocity units. Fixes #14851 * Fix bug tls renegociation problem in Notification channel (webhook) #14800 * Fix Error 500 on unexisting /api/alert-notification/ * updated snapshot * Minor renames and other fixes * pushover: add support for attaching images (closes #10780) * panel option section moved to grafana-ui and new panel option grid component * Simplified folder structure in grafana-ui lib * Addedd assertions about raw time range when panel time overriden * Panel time override tests * add feedback to what interval is being used (calculated in the backend) * use typings for ds and template srv * value formats: another rename and updates code to use new valueFormats func * value formats: renamed folder * Reverted move of defaults for GaugePanelOptions * refactoring alias by * Move Select styles to grafana/ui * Moved defaultProps to ui/components * Moved the rest of Threshold dependencies to ui/components * Renamed Threshold files * Renamed Thresholds to ThresholdsEditor * Moved Thresholds and styles to grafana/ui/components * Removed default export for colors * Fixed typings * Small change in SeriesColorPickerPopoverProps * Moved colorpicker to ui/components * Fixing test and small refactor * Moving to grafana ui, fix issue with TestRuleResult * Fix panel time overrides not being applied fully * access scope directly from this. update tests * build: makes sure all builds use the latest container. * changelog: docker images for arm. * Renamed Select related components: Picker* to Select*, Option* to SelectOption* * build: removes curl install from build. * build: tags arm as well as amd64 as latest. * Docker image for ARM * Fixing TS and updating snapshot * make sure frequency cannot be zero * refactoring. fix broken test * Migrate Select components to @grafana/ui * provide angular directive scope props correctly * docker: enable flux in influxdb docker block * Moved Thresholds and styles to grafana/ui/components * Update README.md * 11503: escape measurement filter regex value * 4075: Interpolate tempvar on alias * rename * fixing unitpicker * removing tests * React graph panel options component rename * Minor refactor of Gauge panel * Revert "Docker image for ARM" * Revert "build: fixes docker push." * build: fixes docker push. * feat: Add brand as tooltip theme and use it on panel edit tabs #14271 * Docker image for ARM * fix broken test * chore: Remove ScrollBar component, superseded by CustomScrollbar * Update storybook static files option to load statics correctly * unregister event listener correctly * Changes after PR comments * Removed unused refClassNameprops from Propper * Fixed a small bug when toggling items in toolbar * build: deploys enterprise to its own repo. * build: inline docs * build: publishes beta releases to separate repos. * refactoring * build: makes repo update enterprise compatible. * build: uses official deployment image. * build: adds aptly and createrepo to deploy tools. * build: handles unexpected cases. * build: only adds the correct packages to the repo. * build: rpm repo deploy. * build: repo update input error. * build: release of debs to our debian repo. * Added tests for TestRuleButton * Removed Test Rule button from Angular and view * Added TestRuleButton * Hint for user on when the repeat is applied * Removes unnecessary warnings from webpack output about missing exports * Use factors for max repeated panels per row * Fixing TS errors and updating snapshot * Move Portal to @grafana/ui * chore: Move sass code related to custom scrollbar into @grafana/ui #14759 * Post merge updates * chore: Move CustomScrollbar to @grafana/ui #14759 * changed light theme page background gradient * WIP * Max number of repeated panels per row * wip * Make tooltips persistent when hovered * docs: rpm/deb beta repo. * update snapshot * add form grow * fix: Clean up per PR feedback. Thanks @dprokop * removing duplicated things * minor code refactor * splitting into more files * Moved AlertTab and StateHistory to app/features/alerting * fix: When loki is default data source, datasource is passed as undefined to QueryOptions #14667 * remove redundant max-width. it's already declared in gf-form-select-box__menu-list * add typing for metric descriptor * Removed unused Popover component * Update components to fit updated PopperController API * make templateSrv a prop * Refactored withPoper HOC to PopperController using render prop * use correct event handler name convention. register directive on startup * fix: Remove the onRenderError prop and add an ErrorBoundary component * replace fragment with empty jsx tags * refactoring tests * ugly fix. will be removed later on * adds note for #13914 and #14581 * moved all units * fix: GraphPanel should be a PureComponent * fix more broken tests * feat: Display error when plot fail to render * wip: fix broken tests * adding more units and functions * Remove the jump effect on run query button * ugly temporary fix for scope issue. will be removed later on * refactoring * fix filter bug * fix: Light theme corner bg color update * set max width on the whole menu list instead * bind array instead of function * feat: Add "theme" to Tooltip * Notify user on query error * Revert "Revert "add max width to group header description"" * Revert "add max width to group header description" * remove not used property * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * updated scrollbar snapshot * remove not used files * Fixed new gometalinter issues * fix JSON in responses for Admin API documentation * 14722 - removing unnecessary arn check that breaks assume role feature in other AWS partitions * Fixed issue with cut legend in firefox & mobile devices, fixes #14744 and #14489 * Some cleanup * EqualFold() * forgot go fmt * pull connection string args from url instead * Add mean on distribution as well * docs: updated debian and centos repo. * Fix stackdriver aggregation series merge * first stuff * Updated documentation for new macros * Minor refactoring of EditorTabBody * Fixed timepicker css issue introduced by PR #14700 and remove hotfix from 297241c * AlertTab style fixes * Updated alert tab layout & markup * Changed datasource list page default layout mode * Fixed timepicker css issue introduced by PR #14700 * Added macros to mysql * FIxed syntaxis mistake unixEpochNanoFrom and unixEpochNanoTo * Added previous macros to mssql * Added unixEpochNanoTo and unixEpochNanoFrom macros to postgresql * Renamed unixEpochFilterNano to unixEpochNanoFilter * cleanup * add aggregation tests * add tests * Fix issue with value disappearing when selecting stat * Fixing issue with value color being wrong * initial design for way to build value formats lazily and a backward compatability layer via Proxy * fix template variable bug * Don't cut off subsecond precision for postgres macros * Nanosecond timestamp support postgresql * remove not used file * Fixed new gotmetalinter warning * add support for defining additonal database connection string args via extra_connection_string_args * clear history * cleanup. remove comments, not used files etc * state history tab * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * s/initialDatasourceId/initialDatasource/ * add alert in react instead of angular * Fixed issues with panel size in edit mode, fixes #14703 * hide protip if not defined * fix filter bug * add help text component * Tweak datetime picker layout for mobile * Explore: Remember last use datasource * Update yarn.lock * Logs data model: add more log levels * Review feedback * Explore: fix loading indicator z-index on panel container * Loki: change query row to be single field again * Explore: logging UI style fixes * Loki: query limit configurable in datasource * Removed rxjs compat * ldap: adds extra debug logging * reactify annotation query editor * adds orgId to user dto for provisioned dashboards * Update rxjs * closes the body properly on successful webhooks * makes cache mode configurable * Fix general tab typos * added node-sass as dev dependency, needed after I removed grunt-sass * Husky and sasslint fixes, fixes #14638 * Added a form component to @grafana/ui * created visualizations folder * Fixed JQuery typing issues * Typings issues * wip: moving react graph component to grafana/ui * Don't do a full frontend release build in test-frontend job, added typescheck (tsc noEmit) instead, fixes #14639 * Moved sass for component to @grafana/ui lib * Moving a couple of types to @grafana/ui * Testing moving out one type to grafana/ui * Increased margin between controls in logs panel, fixes #14637 * Fixed dashboard links not updating after variable or time range change, fixes #14493 * Fixed group button tooltip placement from auto to bottom, fixes #14634 * Removing erroneous backtick in docs * Updating docs for auth_proxy whitelist CIDR support * Add timestamp back to log entry type * Update public/app/plugins/datasource/loki/result_transformer.ts * Loki: fix timestamp field * Fixed panel height & scroll issue with flexbox in firefox, fixes #14620 * remove segment srv prop * use ds template srv reference * remove not used stuff * add event handler * add help component * Add support for InfluxDB's time zone clause (backend) * note to future me * delete works * grunt test task update * Add support for InfluxDB's time zone clause * @grafana/ui lib now contains one components, seperate lint & tsc steps * changelog: add notes about closing #14519 * Grafana ui lib is starting to work * typings and renamings * breaking up grafana into multiple packages poc * add project and help component * add alias by component * add alignment periods component * cleanup aggregation picker * move alignment population code to parent component. make alignment a stateless component instead. * flatten target obj * Grafana ui library poc * elasticsearch: support bucket script pipeline aggregations * Add units for blood sugar concentration ???? * on deselect when reducer is set to none * add alignment component * Fixes undefined issue with angular panels and editorTabs * changelog: adds note about closing #14562 * refactor aggregation picker * use render props pattern * Update field name * Add documentation * use template variable prop * cleanup * Rename the setting and add description * export init notifier func * render editor toolbar buttons * Increase recent and starred limit in search and home dashboard, closes #13950 * changelog: adds note about closing #14486 * Panel help view fixes * rewrite angular view * Add min/max height when resizing and replace debounce with throttle * changelog: adds note about closing #14546 * Adding tests for auth proxy CIDR support * fix only add column if not exists for mysql * changelog: adds note about closing #14109 * fix handling of indices with multiple columns (mysql) * fix only create/drop database indices if not exists/exists * fix signed in user for orgId=0 result should return active org id * Another take on resizing the panel, now using react-draggable * only update session in mysql database when required * Raise datasources number to 5000 * improve component performance * add max width to group header description * copy props to state to make it visible in the view * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * refactor to not crash when no links * updating snaps * renaming component * panel help working * snapshots: Close response body after error check * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * Update sample and default configs * Add OAuth provider flag to indicate if it's broken * Register BrokenAuthHeaderProviders if needed * Add units for Floating Point Operations per Second * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * Minor update * Make sure panel id is unique since some datasources (Graphite) will cancel ongoing requests with the same panel id * changelog: adds note about closing #14548 * Adding CIDR capability to auth_proxy whitelist * Minor cleanup now that angular panel edit is no longer * Gauge option form markup fixes * toolbaritems viztab * filter out table responses that don't have columns and rows * enable goto explore from query panel editor for all datasources * started with component for generic panel help * moves migrations to /sqlstore/migrations * adds integration tests to ci build * renames main lock function * clean up integration tests * change from db_text to nvarchar * adds server lock package * initial verison of server lock * Minor react graph panel refactorings and fixes * sorting tests for change value * Fixes issues with user and team picker * fixing coloring * upgrade to golang 1.11.4 * remove printed index * updating test * adding threshold * Refactoring react graph * updated dropdown typeahead to place down instead of up, works better when inside scrollable area * minor style tweak * propagate initial state back to explore query runner * Update gitlab.md * Update github.md * minor style fixes * Updated snapshot * Switched to react-select fork * ldap: upgrades go-ldap to v3 * table: fixes #14484. Renders epoch string if date column style * changelog: adds note for #14483 * Fix for no metrics panels, now goes to viz tab and does not show queries tab * minor style fix * minor change to table panel edit options * minor tweaks to text panel * Fixes and cleanup * Show predefined time ranges as first in timepicker on small screens * code cleanup in add panel, and switched off grid css transforms to fix z-index issuse * minor tweaks to alert tab * fixed name of alert tab * removed unnessary test * updated add panel a bit * minor style fix * updated snapshot * fixes to unit picker * updates on thresholds component * remove check on axis.used in flot #13765 * Added custom scrollbar to select component * removed a test that isn't neccessery any more * replaced content in addpanelpanel with three buttons that can create new panel, paste copied panel, and add a new row, to paste panel one must copy one first, code is still quite rough * fixed cloudwatch issue * select refactor fixes * gauge working without thresholds * changin colors * explore using data source picker * fixing issue with copy invite link * getting closer with no thresholds * renamed folder to select * User picker using common select componnet * wip: unifying select components * fixing input unit test failure * fixed issue with switching panels * refactored panel-option-section into react component * removed console log * updated styles * starting with threshold refactor * wip: convert angular directives to react components * wip: style change progress * Update latest.json * wip: styles are starting to come together * wip: styles * wip: testing new styles * wip: style changes * fixed ordering changing panel types, fixes issues with loading panel options * moving min/max to gauge options * log error when resolvePath * wip: minor style changes * wip: changes * break out metric picker and filter * migration: renames logging ds to loki ds in data_source table * loki: updates the logo * fixing tests * mixing color when * wip * wip * remove on metric type change * things are working * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * changelog: add notes about closing #8843 #11175 * fixed unit tests * update failing tests * remove redundant default value * wip * wip * redone state * display value map or range map * add oauth_auto_login setting to defaults file * use new option group in aggregation directive * wip * remove redundant default value * Adding mixed query * Check with lowercase * wip metrics tab changes * changelog: adds note about closing #13754 * wip: making things work again * React-select refactorings * wip: add option group component * wip: add basic option header * wip: react select css refactoring * docs: fix broken link on explore page * wip * changing type and started on Gauge * fix threshold test * Adding label * styling on dropdowns * Using drop down instead * Filter tags select box on text input #14437 * fixed id bug * Using an id to identify mappings * Change KeyboardNavigation from hoc to render prop component * Clean up hoc and extend component props automatically * Let VizTypePicker use the keyboard navigation hoc * Moved more metrics tab to react * Wrap react select component in angular directive * Don't show heading for first tab * snapshots: Add support for deleting external snapshots * docs: explore * snapshots: Move external snapshot creation to backend * snapshots: Add external_delete_url column * Add keyboard navigation to datasource picker via a hoc. * Use react's onKeyDown event on the input instead of event listener on document * Explore: Improved line parsing for logging * fixed typings and remove * updated publish script * Unmount component when fading out to reset its state, such as search.. * Variable rename. Did not make sense at all. * Fix styling for vizPicker keyboard nav and change so only arrow up/down is OK to use * fixed styling * Start adding keyboard navigation to VizPicker * use links instead of bridge network * fix time regions bugs * fixed issue with colorpicker position above window, fixes #14412 * fixed issue with singlestat and repeated scopedVars, was only working for time series data sources, and only if there was any series, now scoped vars is always set, fixes #14367 * fix search tag issues, fixes #14391 * Clear query models when changing data source type, fixes #14394 * fixed issue with grid responsive mode * fixed max height issue not being respected by react select dropdown * removed side menu for column styles, added small header to column styles with a border * Use correct variable name in fail text * Fix search field styles * Enable search also after editing * Explore: Split logging query into selector and search * Fix logs panel meta wrap * Explore: dont pass all rows to all rows, fixes profiler * Explore: Logging dedup tooltips * Explore: Hide scanning again after result was found * Explore: Fix timepicker inputs for absolute dates * Switch to global match for full browser support of escaped custom vars * Allow backslash escaping in custom variables * Fixed issue with logs graph and stacking * align yellow collor with graph in logs table * minor style change * Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate. Pull request #14399 * logs style polish * allow sidemenu sections without children still have a hover menu/header * explore logs options styling * transparent toggle style and new button group style * Toggle buttons * render a value mapping row * removed side menu from display options, kept overrides in display options, moved thresholds and time regions to its own section in visualization * changelog: adds note about closing #11221 * removes unused code * fixes merge error * remove result format. might add this later * filter out build in datasources. add unit test * click on dashboard title moves you back to dashboard instead of search * graphInterval needs to update after query execution, fixes #14364 * Explore: Parse initial dates * Aligned styling of stats popover/box with rest of grafana & minor css refactoring * Remove Explore > "New tab" from sidebar * initialize empty variables array in constructor so that datasources can use the array in explore * Prometheus: Make result transformer more robust for empty responses * add table support flag in influx config * add scoped vars to query options * Rebase fixes * Explore: Logging line parsing and field stats * fixed unit tests * made unknown color theme aware and sync with graph color, some minor cleanup * initial stuff * Explore: improve error handling * use render props instead of cloneElement * sort of a hacky way to figure if the small variation should be used for the label * add basic button group component, using the the same label style as is * Restore PluginEditCtrl accidently removed * explore logs styling * wip: alternative level styling & hover effect * wip: explore logs styling * more detailed error message for loki * If user login equals user email, only show the email once #14341 * UserPicker and TeamPicker should use min-width instead of fixed widths to avoid overflowing form buttons. #14341 * wip: explore logs styling * restoring monospace & making sure width are correct when hiding columns * fixed logs to time series calculation issue, increased bucket size, fixes #14248 * Always open panel links in new window if user asked for it #14333 * Changing from PureComponent to Component to re-render on link updates made in Angular #14333 * minor tweaks, now table renders faster and changes less on second stage rendering * explore logs css refactoring, step1 * explore logs styling poc, WIP * Fix transparent option #14333 * Add prop key to panelPropsString to avoid a bug when changing another value and the render doesnt trigger * loki: adds proper error handling for config page * renames Grafana Logging ds to Loki * Pass some panel props down as strings to trigger render #14333 * Trigger panel.render on title, description, links change #14333 * Put issue number to test code * Fix bug what updating user quota doesn't work * Fix bug what updating org quota doesn't work * public/app/plugins/*: Fix some misspell issues * public/sass/*: Fix misspell issue * public/app/features/*: Fix some misspell issues * public/app/core/*: Fix some misspell issues * README.md: Fix small typo * fix snapshots * Added isDefault switch on settings * fix to switch component * Rename BodyPortal to Portal and accept prop "root" which is where the portal should be placed * Create a portal and use it with our popper component (tooltip and popover) to avoid potential overflow-/zindex-bugs * add icon * explore data source selector fix * Update css to use the border-radius variable and add a new variable for the popper's distance to its ref * Update README.md * fix for panel-initialized event not being called * refactored and added tests for panel model remember properties * redact value for plugin proxy routes * pkg/*: Fix misspell issues * fix for panel embedding. Solo panel height was not correctly set. Made panel--solo into panel-solo class. in develop branch we have remove the need for the panel class * added support for influxdb cumulative_sum function in tsdb * Use buildTableConstraint instead of buildSchemaConstraint to find the datatype of a column if using a table from a different database schema * Readme: We should write Node.js the same way in all places in the readme * Small tooltip css-adjustments and add css for position "bottom-start" used by the panel header corner * Explore: Display duplicate row count as number * Adapt styles * Explore: Logging query live preview of matches * added max-widths to explore start pages boxes * Alert tab fails when datasource method targetContainsTemplate doesnt exist #14274 * improve comments * fixed promql and loggging syntax so all punctuation chars are treated the same, remove hover move * remove all query empty related code. root cause of the problem was to fix hasNonEmptyQuery * Let the cached props from previous visualization be the masters, unless specified in keepLatestProps const * POC on how to save away settings from a viztype and restore when switching back to it #14274 * remove redudant spread * Set query empty condition in render function. Also clear query transactions when no valid query is present * Remove query empty from model * fixed logging start page * Use popover styles for stats popover * Fine tune stats styles * Tests for label stats calculation * Explore: Logging label stats * stop scanning when clear all button is clicked * build: update latest when pushing docker. * Use origin meta * only display scan button if there is at least one existing selector that returned an empty result * minor refactoring * Explore: return to grid layout for logs table * Add VizPicker search #14274 * changelog: add notes about closing #11067 * fixed grabage in markup * fix: align input backgrounds for code editors * fixedUnit for Flow:l/min and mL/min * feat: #11067 prevent removing last grafana admin permissions * another style fix for broken dark theme word highlight * fix time regions using zero hours * Misc styling fixes to explore: start page, slate code editor colors, text highlight in auto completeter suggestion * Revert commit * only make it possible to scan for older logs if there is at least one non failing selector * update package.json to next version * Stick to .tsx? for babel file test * changelog: add notes about closing #13815 * changelog: add notes about closing #14246 * arrow function * changelog: add notes about closing #12653 * fix for add/remove labels * Hid "Forgot your password" link from login menu when reset is disabled * Prevent password reset when login form is disabled or either LDAP or Auth Proxy is enabled * fix for initial options * minor css fixes * update changelog * update latest.json to latest stable version * new stable docs version * minor css fix * redid props for gauge options * dataproxy: Override incoming Authorization header * changelog: add notes about closing #14228 * Explore: Show logging errors from backend * change obj order when merging so that correct format is being used * Explore: Fix logging query parser for regex with quantifiers * Update README.md * Fixed typo in function name * Explore: Fix label and history suggestions * tidy import * let each sql datasource handle timeFrom and timeTo macros * style changes for panel placeholder (move and resize) effect * never load fallback query field. remove commented code * add an error alert component that will be displayed when there was an error loading ds in explore * fix: minor style changes, removed hover scale increase * react-panel: Add nullcheck to prevent error on datasources without meta options * react-panel: Options button should always be enabled now when Time Range-options are there * react-panel: Move time range options to its own component and render it under the options button instead * created color enum * make sure target obj is not destructured so that angular copy of objected can be mutated * Review feedback * react-panel: Add test for Input with validation on blur * react-panel: Input validation should be optional * react-panel: Clean up input validation and increase code readability * react-panel: Time range options moved to "Queries" tab * react-panel: Remove mock response button for now * react-panel: Remove comments and improve readability in render() * react-panel: Use correct type for children prop to avoid the use of fragments <> * react-panel: Remove json-formatter-js since we will continue with the "patched" version * react-panel: Move all query inspector logic into QueryInspector component and start with the "Mock response" * react-panel: Toggle Expand/Collapse json nodes in Query Inspector * react-panel: Add CopyToClipboard-component and separate QueryInspector to its own component from QueriesTab * react-panel: Trigger panel refresh when opening inspector. Add loading-message * react-panel: Replace JSONFormatter npm package with the current monkey patched JsonExplorer * react-panel: Clean up the JSONFormatter and make sure it updates both on mount and when props update * react-panel: Get real datasource query for query inspector * react-panel: Create component for JSON formatting and use it on query inspector * changelog: add notes about closing #14167 * make getAll return array instead of object * remove obsolete test * Update README.md * Add AWS/CodeBuild namespace for CloudWatch datasource * Fixed styling issues with new checkbox style * Fix other misspell issues * docs/*: Fix misspell issues * CHANGELOG.md: Fix misspell issues * Explore: Logging render performance * remove log * min and max value * update gauge on remove threshold * user added thresholds state * console logs and code layout * pass data correctly to event handler * revert Label change * update color on gauge when changing * remove explore check - make it possible to load all datasources * add table support flag for stackdriver * add table support flag for prometheus * add table support flag for postgres * add table support flag for opentsdb * add table support flag for mysql * add table support flag for mssql * add table support flag for logging * add table support flag for graphite * added google_tag_manager_id from defaults.ini * removed extra whitespace * Update export_import.md * added new icons, fixed so different icons in different themes, added animation to hover on icons, styled choose visualization and datasource for both themes, made som styling adjustments to whole panel editor * sorting tests * remove border * color indicator * add new flag in order to be able to indicate whether the datasource has native support for tables * prevent explore from crashing when table is not present in response * Explore: Logging label filtering * Logging: fix query parsing for selectors with multiple labels * using percentage to not hide search when smaller screen * build: explaining the linux build. * check for null with toLocalString (#14208) * Fix elastic ng-inject (build issue) (#14195) * add current editor to panel targets * Added stop scan button * Explore: Scan for older logs * color picker * remove time srv initialization * restructure imports * get intervals from explore function * unregister all query editor event listeners * remove comments * temp remove until stackdriver implements explore * sort on value * use default range from time picker * Requested Backend changes, removed link in popover description for the offset field * Remove confusing <> from variable intro * includes ranges correctly in the options object * docker: Upgrades base packages in the images. * small fixes * logic for adding rows, styling * chore: correct pause-all-alerts auth in docs * Requested Backend changes, added details to popover description for the offset field * Explore: Fix JS error when switching between 2 prometheus datasources * color touches * Add support for Offset in elasticsearch datasource, date_histogram aggregation, fixes grafana #12653 * Fix tests to account for sortText * build: always test publisher. * build: packages linked to dl.grafana.com. * Fix tests to account for loglevel long names * Explore: Filter logs by log level * styling * created test for some functions * update changelog * mock interval data * fix handle of elasticsearch 6.0+ version * rename variable * hide row specific buttons when query editor is rendered from explore * add support for explore events * minor style fix * minor fixes * docs: various fixes of what's new in v5.4 * use plugin_loader directly instead of using the wrapper * docs: fix old ldap url redirect * fixed issue with babel plugin proposal class properties that initiated properties to void 0. This breaks angularjs preAssignBinding which applies bindings to this before constructor is called. Fixed by using fork of babel plugin. * Explore: make query field suggestions more robust * Fix abbreviations of Litre/min and milliLitre/min (#14114) * Sort Prometheus range suggestions by length * docs: what's new in v5.4 * Explore: swtiching to logging should keep prometheus labels in case of error * tweaks to gf-inline-form style PR #14154 change * adding back button * styling tweaks * initial commit * docs: signout_redirect_url description in auth overview * minor style changes * Sticky footer for all pages * edit mode styling * edit mode styling * edit mode styling * Added comments * style tweaks * render and sort * return actual error if failing to update alert data * Fix issue with deleting a query (empty string not updating) * Fix history rendering for DataQuery * margin when listing multiple gf-form should be right * styling progress * Fix a typo * panel edit ux experiments * changelog: add notes about closing #14150 * temporary fix for starting grafana not running systemd * cloudwatch: handle invalid time ranges * cloudwatch: recover/handle panics when executing queries * Combine query functions * Renamed targets to queries * added icons for panel-edit side menu * updates time range options for alert queries * format: remove and align tabs * updating state * Explore: Introduce DataQuery interface for query handling * Fix set utilities for explore section * typos in docs/sources/alerting/rules.md * typos in docs/sources/alerting/rules.md * fixed failing graph tests * gfdev: fixes unparseable for duration * fixed issue with new legend not checking if panel.legend.show * gfdev: adds alert always in pending state * docs: adds example timeline for alerting for * build: docker build for ge. * react-panel: Avoid duplicate keys * added alert tab to new react panel editor * update path to alerting for image * started on thresholds * react-panel: Add data source "options". Needs UX, WIP. * update release publish script links * fixes to view mode for panels, can now go back as before * Add visibility toggle for explore graph series * what's new in v5.4 placeholder * fix label and default threshold * react-panel: Add data source "help" * fix for issue with error view in production builds * changelog: adds note for #13561 * update changelog * stackdriver: remove not used variable * fixed menu to go to panel view mode * stackdriver: use angular dropdown so that we can restrict user input * stackdriver: make sure object type queries are also checked for vtemplate variables * minor style update * changelog: adds note about closing #13577 * adds basic auth configuration to default.ini * added header section to legacy tabs * stackdriver: reset defaults.ini * changelog: add notes about closing #14120 * changelog: add notes about closing #14129 * switch slider changes * linters. * build: correct filters for ge build artifacts. * build: releaser supports releasing only some artifacts. * Revert "docs: building Grafana on arm." * Add doc for api "GET /api/users/:id/teams" * Re-organize packages and add basic auth test * Revert "Update google analytics code to submit full URL not just path" * Add Cloudwatch/CloudHSM Metrics and dimensionMaps * remove react warning * added chekbox and other tweaks * refactor options, show labels and markers * docs: building Grafana on arm. * stackdriver: add query keyword to service, metric and project since these were the only fields in the editor that was missing it in the whole editor * Explore: POC dedup logging rows * stackdriver: add query keyword style to query fields * stackdriver: fix failing test * stackdriver: reimplementing service variable query type * Revert "typo fix" * typo fix * prefix and suffix * decimals * update snapshot * stackdriver: fix failing tests * changelog: add notes about closing #13352 * changelog: add notes about closing #13810 * changelog: add notes about closing #13605 * changelog: add notes about closing #13876 * changelog: add notes about closing #13946 * changelog: add notes about closing #13555 * changelog: add notes about closing #13425 * changelog: add notes about closing #13655 * stackdriver: update docs * stackdriver: add support for template variables * react-panel: Finish the data source search on query tab and start moving switch-data-source-logic from angular * linter. * fixed issue switching back from mixed data source, introduced by react panels changes * build: minor refactor. * build: fixes a bug where nightly rpm builds would be handled as stable. * some touch ups on unit * go meta lint errors * update changelog * builds: introduces enum for relase type. * fix group sync cta link * picker and functionaliy * fixed issue with panel size when going into edit mode * stackdriver: join resource and metric labels. split them in values and keys * changelog: add notes about closing #13924 * build: table-driven tests for publisher. * fix id returned from google is a string * changelog: adds note about closing #7886 & #6202 * changelog: adds note about closing #11893 * Fix param * Add GET /api/users/:id/teams for orgAdmin * Tooltip should be able to take up space when used on an absolute positioned element * minor fixes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix selected home dashboard should show as selected even though its not starred * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * panel-header: Make it possible to style the reference element and fix so panel description looks good * filter out alpha plugins in api call, fixes #14030 * panel-header: Simplify condition * panel-header: Avoid undefined classNames and use the real panel description * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * panel-header: Display description in modal * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * changelog: adds note about closing #14043 * fixed issue with save. * fixed mutability issue in dashboard dropdowns * Explore: Fix table pagination styles * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * fix switching from es raw document metric breaks query editor * alerting: reduce the length of range queries * Mitigate XSS vulnerabilities in Singlestat panel * Retain decimal precision when exporting CSV * Added Id to BasicUserInfo returns * Added google oauth account id * switch style tweaks * Explore: collapsible result panels * removing test page * format value * default value * created classes for new checkbox and variables * Prometheus: fix rules expansion * handle default value * various fixes to angular loading * Explore: POC for datasource query importers * build: enabled darwin build. * expand groups when searching * build: darwin compatible build env. * maxHeight and style overrides * moved slider into label to make it clickable, styled slider in dark and light theme, created variables for slider * fix: dont setViewMode when nothing has changed * fix redirect issue, caused by timing of events between angular location change and redux state changes * fix datasource testing * panel options now load even when changing type * fixed issues when changing type, need to remove event listeners and cleanup props * build: refactoring. * React edit mode for angular panels progress * minor fixes * fixed order of time range tab * Update ReadMe. * Update google analytics code to submit full URL not just path * devenv: elasticsearch datasources and dashboards * fix pipeline aggregations on doc count * changelog: add notes about closing #5930 * fixed alert tab order and fixed some console logging issues * Add tooltip * some progress on groups and options * changed time region color modes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix pending alert annotation tooltip icon * alert rule have to be pending before alerting is for is specified * fix selected home dashboard should show as selected even though its not starred * build: internal metrics for packaging. * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * alerting: improve annotations for pending state * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * stackdriver: revert project test stuff * stackdriver: revert test code * panel-header: Make it possible to style the reference element and fix so panel description looks good * adds pending filter for alert list page * adds pending state to alert list panel * alertmanager: adds tests for should notify * Extracted language provider variables for readibility * devenv: graph time regions test dashboard * fix time regions mutable bug * set default color mode * filter out alpha plugins in api call, fixes #14030 * alerting: support `for` on execution errors and notdata * poc: handling panel edit mode in react even for angular panels poc * panel-header: Simplify condition * wip: minor update * minor fix * css update to switch slider * tests for supporting for with all alerting scenarios * should not notify when going from unknown to pending * Fix formatting and remove enabled toggle * panel-header: Avoid undefined classNames and use the real panel description * wip: switch slider test * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * Add basic authentication support to metrics endpoint * panel-header: Display description in modal * minor panel options type fix * docs: description about graph panel time regions feature * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * wip: adding general tab for react panel edit mode * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * devenv: graph time regions test dashboard * create time regions solely based on utc time * started on options and groups * fix: added events to MetricsTabCtrl to closer mimic MetricsPanelCtrl * minor css change * Moved query manipulations from metrics controller to metrics tab so they are more easily shared between angular and react panels * fixed panel focus for react panels * minor changes to react panels * changed how size is calcualted and propagated and added proper interval calc to DataPanel * changelog: adds note about closing #14043 * first stuff * pkg/cmd/grafana-server/server.go: Check sendSystemdNotification return value. * pkg/cmd/grafana-server/server.go: check serviceGraph.Provide() errors * pkg/cmd/grafana-server/main.go: Fix error value not checked * wip panel size handling * fixed issue with save. * fixed mutability issue in dashboard dropdowns * adced clickoutside wrapper * fixed singlestat guage ceneterd dot rendering issue * refactoring back the interval calculation, needs to be different for react panels * fix case where timeshift and time override is used * wip: refactoring interval and time override handling * updates latest to 5.3.4 * changelod: add release date for 5.3.3 and 5.3.4 * devenv: graph time regions test dashboard * graph: Time region support * Explore: Fix table pagination styles * devenv: update alerting with testdata dashboard * stackdriver: use arrow functions * stackdriver: use new naming convention for query editor all over * adds redis devenv block * restore user profile preferences * changelog: add notes about closing #13328 #13949 * updates macaron session package * minor react panels refafactor * removed console.log * some cleanup of unused stuff and type fixes * completed work on panel not found view * Clarify wording of playlist protip * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * Explore: Don't suggest term items when text follows * wip: panel plugin not found * fixed scrollbar autohide prop * wip: panel-header: On panel refresh, get new timeRange from timeSrv, not the old one from the state * wip: panel-header: Avoid null returning to get better code readability. High five @ peterholmberg * wip: panel-header: Remove the TimeData type * wip: panel-header: Add proper typings to maxDataPoints and interval + remove code in comment * wip: panel-header: Move getResolution and calculateInterval into utils-functions and use the same code from react and angular * wip: panel-header: Start implementing the applyPanelTimeOverrides in the react panels by moving it to a util, make it pure and call it from angular and react. * import changes * updated text styling when switching views * Add `gofmt -s` to CircleCI * minor fixes based on code review * Fix gofmt issues * Add pic into actionCard message * minor style fixes & polish * minor update * disable custom webkit scrollbar styles * refactoring & cleaning up css * Minor progress on edit mode * improve dropdown pane connetion to tab toolbar * Add megacheck to gometalinter CircleCI target * pkg/tsdb/influxdb/influxdb.go: Fix surrounding loop is unconditionally terminated. * scripts/build/release_publisher/publisher_test.go: Fix trivial megacheck warning. * draw gauge * data source picker demo state * stackdriver: remove service query tyhpe * stackdriver: correct aligner name * fix in to not render multiple labels * stackdriver: typescriptifying props * stackdriver: remove redundant try catch * Update stackdriver.md * Adjust UI depth of query statistics * stackdriver: rename query function * stackdriver: rename query variable * stackdriver: remove debug log * stackdriver: add documentation for the template query editor * stackdriver: test saved variable * stackdriver: fix failing tests * stackdriver: remove services query type * stackdriver: update tests * stackdriver: add tests for render snapshop and default query type * stackdriver: remove lodash since object assign will do the trick * stackdriver: make sure we don't crash when selected service doesnt have a value * stackdriver: add simple render test * stackdriver: rename params * stackdriver: remove not used prop * stackdriver: persist template variable definition * stackdriver: add default value for query type * stackdriver: pass query definition from react, making it possible to use another definition than the query string only * stackdriver: make it possible to use alignment period template variable * stackdriver: make it possible to use aligner template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use metric type template variable * stackdriver: set currentdatasource when editview is enabled * stackdriver: return correct value * stackdriver: reset query value on datasource changed * stackdriver: fix default value bug * stackdriver: extend label width * stackdriver: revert refactoring * stackdriver: extract variables for pickers * stackdriver: cleanup * stackriver: rename interface * stackriver: use type for state * stackdriver: rename state vars * stackdriver: extract common function * stackdriver: streamline the way labels are refreshed when a new value is picked in the dropdowns above * stackdriver: handle default state * stackdriver: refactor dropdown component * stackdriver: replace components with basic stateless select * stackdriver: remove not used func. wrap query in exception * stackdriver: reload all child dropdown and update selected accordingly * stackdriver: improve default state handling * stackdriver: use standard naming convention for selects * stackdriver: streamline label change * stackdriver: refactor TemplateQueryComponent * stackdriver: use enum for query type * stackdriver: add aggregation query * stackdriver: add alignment periods * stackdriver: add aligner query * stackdriver: add resource types query * stackdriver: add support for resource label queries * stackdriver: return friendly display name * stackdriver: add metric labels query * stackdriver: move response parsing to datasource file * stackdriver: return values for services and metric types * stackdriver: rename default component * stackdriver: more renaming * stackdriver: refactoring - rename react components and file structure changes * stackdriver: remove not used code * stackdriver: add selector components for service and metric type * stackdriver: refactor stackdriver query ctrl * stackdriver: make sure default template query editor state is propagted to parent angular scope * stackdriver: conditional template component rendering * stackdriver: add react component for template query editor * stackdriver: make it possible to load react plugin components from template query page * stackdriver: add basic directive for loading react plugin components * Preserve suffix text when applying function suggestion * wip: progress on edit mode ux with tabs * can render something * don't drop the value when it equals to None * changelog: adds note about closing #13993 * Remove Origin and Referer headers while proxying requests * Refactored log stream merging, added types, tests, comments * docs: improve helper test for `For` * alerting: adds docs about the for setting * panel-edit-ux-tabs on top alternative * Add new option to set where to open the message url * added loading state * Fixes #13993 - adds more options for Slack notifications * fix switching from es raw document metric breaks query editor * add auth.proxy headers to sample.ini * add auth.proxy headers to default.ini * refactored how testing state was handled, using redux for this felt way to require way to much code * adds debounce duration for alert dashboards in ha_test * fixed issue with reducer sharing url query instance with angular router * fixed exporter bug missing adding requires for datasources only used via data source variable, fixes #13891 * minor text change in export modal * build: removes unused. * clear test box if success * Fixed issues introduced by changing to PureComponent * Added testing state in reducer * further refactoring of #13984 * minor fix * refactorings and some clean-up / removal of things not used * Update docs/sources/permissions/dashboard_folder_permissions.md * Fix typo in docs/sources/reference/scripting.md * experimental option boxes * ux: changed panel selection ux * move enterprise down in menu * wip: panel-header: Fix shareModal compatibility with react and angular * wip: panel-header: Remove custom menu items from panels completely * wip: panel-header: Reverted a lot of code to pause the "custom menu options" for now * wip: panel-header: More merge conflicts during cherry pick * wip: panel-header: More merge conflicts during cherry pick * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/dashboard_folder_permissions.md * Update docs/sources/http_api/datasource_permissions.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * minor change * wip: panel-header: More merge conflicts * Fix loglevel tests for Explore loggging * wip: panel-header: Merge conflicts * wip: panel-header: Fragment not needed anymore * wip: panel-header: Add possibility to add custom actions to the menu by passing them in as props * wip: panel-header: Separate all panel actions to its own file so we decouple them from react * wip: panel-header: Start implementing the Toggle legend, but its not taken all the way * wip: panel-header: Change DashboardPanel to a PureComponent to avoid unwanted rerenders * wip: panel-header: Refactor so "Share" use the same code in angular+react * wip: panel-header: Add "Edit JSON" functionality + make sure everyone using the json editor pass in the model property instead of the scope property when triggering the json modal * wip: panel-header: Add "Copy" functionality * wip: panel-header: Add "Duplicate" * wip: Add "Share" to the react panels * wip: panel-header: Move code existing in both angular+react to utility functions * wip: panel-header: Remove panel * Mobx is now Redux * wip: Initial commit for PanelHeaderMenu * changelog: add notes about closing #13903 * changelog: add notes about closing #13932 * unify log level colors between rows and graph * Graph log entries by log level * fix selecting datasource using enter key * Adaptive bar widths for log graph * changelog: add notes about closing #13970 * build: fixes * build: publisher handles nightly builds. * rename and mark functions as private * drag handle css * moved drag handle * fixed options * Time selection via graph * minor code style change * basic panel options working * Adding Cloudwatch AWS/Connect metrics and dimensions * wip: react panel options architecture * export: provide more help regarding export format * build: minor publisher fixes. * extract store from configurestore * added actions * build: publishes grafana enterprise to grafana.com * changelog: adds note about closing #13322 * build: publisher uses local time. * build: publisher supports both local and remote. * build: publisher can find artifacts from local sources. * build: refactor releaser. * build: prepares release tool for finding local releases. * build: improved release publisher dry-run. * build: use build workflow id instead of build number. (#13965) * alerting: delete alerts when parent folder is deleted * refactor dashboard alert extractor * for: use 0m as default for existing alerts and 5m for new * panel options wip * Exposing digest from angular component * adds tests for extracting for property * minor fix * changelog: add notes about closing #13606 * devenv: table panel links * renames `debouceduration` to `for` * introduce state `unknown` for rules that have not been evaluated yet * fixes go meta lint issue * wire up debounce setting in the ui * adds db migration for debounce_duration * introduces hard coded deboucing for alerting * always execute the user teams query * handle error before populating cache * build: fixes gcp push path. * alerting: adds tests for the median reducer * add minimal permission * typo fix for "has" * Gitlab -> GitLab * changelog: adds note about closing #13945 * Add tests covering alternate syntax for aggregation contexts * Handle suggestions for alternate syntax aggregation contexts * fix terms agg order deprecation warning on es 6+ * fix failing tests * removed file I added accidentally * fixed to template PR issues, #13938 * alerting: increase default duration for queries * Explore: Logging graph overview and view options * Load hash based styles in error.html, too * Add [hash] to filename of grafana.{light,dark}.css * minor tweak to back to dashboard buttons * Fix minor JSON typo in HTTP API docs * remove replaced components * reverting babel change * remove this * removed these unused components * reverting script change * updated snap * tests * minor doc tweaks * updated enterprise page * Added new backend setting for license file * updating state and save * make permission sub items in sidemenu cleaner * changelog: add notes about closing #13925 * Explore: fix metric selector for additional rows * fix for responsive rule for footer * Updated login page logo & wordmark and responsive behavior * added new workmarks * fixed react whitespace warning on teams page * renamed org files to match new naming guide * moved profile pages to it's own feature folder * moved new teams page * reload page after preferences update * Add delta window function to postgres query builder * Increase Telegram captions length limit. * docs: enhanced ldap * Explore: async starts of language provider * listen for changes in angular land and propagate that back to react * docs: fix datasource permissions keywords * build: grafana enterprise docker image. * added caching of signed in user DB calls * added actions * IE11 fix for legend tables below graph * cleaned up render * renders angular component * updated api keys snapshot * restored transition * removed logging call * add table column date format * fixed memory leaks and minor refactoring * build: gpc credentials added to deploy. * changelog: add notes about closing #13762 * update changelog * build: deploys to gcp. * build: deploys to gcp. (#13911) * datasource permission http api * restructure administration/permissions page into a section with sub pages * Fix TimePicker test by enforcing UTC on date string * updated view to use angular loader * Explore: repair logging after code restructuring * docs: schema -> database * build: deployment ci container. (#13902) * docs: mysql * minor progress * Make Explore plugin exports explicit * add functionality to override service in registry * moved state * register datasource cache service with proper name * revert application lifecycle event support * changelog: adds note about closing #13876 * Add new build info metrics that contains more info (#13876) * JS tooling: run TS grunt tasks only when files changed * revert file name change * remove unused code * log error on datasource access denied * include teams on signed in user * application lifecycle event support * refactor datasource caching * Fix cell coloring * Fix bug with background color in table cell with link * add dashnav responsive rule to hide tv button on smaller screens * Implement oauth_auto_login setting * Explore: fix copy/paste on table cells * rename type * using label component * Pluggable components from datasource plugins * fixed type * removed angular code * test and some refactoring * build: adds branch info to binary build * now that css is loaded sync again I can remove some styles from index html body css * WIP babel 7 * Revert to sync loading of css, sometimes js loaded before css which caused issues * Update grafana_stats.json * Makefile: dependency-driven target to build node_modules * removes old invalid release guide * added missing alpha state prop to graph2 panel * minor update * added switch form component * updated graph tests dashboard * fixed width of panel edit mode * Fix query hint tests after refactor * Fixing issue 13855 * Add tests to cover PlaceholdersBuffer and sum hint * Add sum aggregation query suggestion * fixes to angular panel edit mode * Reduce re-renderings when changing view modes * updated singlestat logo * more ux progress * Add tests to cover aggregation context cases * Fix label suggestions for multi-line aggregation queries * panel edit mode changes * Update snapshots. * Use jest.fn instead of string. * Explore: error handling and time fixes * ux experiments * build: builds grafana docker for enterprise at release. * Add code to flot that plots any datapoints which to not have neighbors as 0.5 radius points - fixes https://github.com/grafana/grafana/issues/13605 * adding default value and update actions * build: ge build fix. * build: grafana enterprise docker. (#13839) * moved state to redux, renamed entities * testing panel edit ux idea * changelog: add notes about closing #13769 * add test * cache region result * use default region to call DescribeRegions * fix: updated backend srv to use appEvents and removed parts of alertsSrv * simple select * build: correctly adds enterprise to the filename. (#13831) * docs: improve ES provisioning examples * changelog: adds note about closing #13723 * stackdriver: don't set project name in query response since default project is now loaded in its own query * Optimize the Dingding match values format * Add Dingding message type to support mass text notification * graph legend: fix table padding * Moved prom language features to datasource language provider * Split text template into variable * Add match values into Dingding notification message * graph legend: fix phantomjs rendering when legend is on the right * fix for annotation promise clearing, bug introduced last week when merging react panels step1 * fix panel solo size * mysql: fix timeFilter macro should respect local time zone * load preferences * support template variable in stat field * only look in current database in findMetricTable * graph legend: fix table alignment * fix dingding doc error * fixed routes and page * graph legend: minor refactor * Added types to query rows * update latest.json to latest stable version * changelog: update * cleaned up the flow * changelog: add notes about closing #13280 * delete provisioning meta data when deleting folder * Update the regex-matching in templateSrv to work with the new variable-syntax and be more flexible to regex-changes #13804 * changelog: add notes about closing #13600 * changelog: update * Move the variable regex to constants to make sure we use the same reg??? (#13801) * docs: fix tutorials index page. Fixes #13799 * graph panel: fix legend alignment * Explore: fix graph resize on window resize * changelog: adds note for #13691 * docs: fix tutorials index page. Fixes #13799 * Resource type filter (#13784) * Fix race condition on add/remove query row * moving things * typing changes * changelog: add notes about closing #13764 * pkg/tsdb/stackdriver/stackdriver.go: Fix regular expression does not contain any meta characters. * pkg/tsdb/graphite/graphite.go: Fix regular expression does not contain any meta characters. * pkg/login/ldap.go: Fix warning comparison to bool constant * Added margin and correct border radius * Fix rebase, fix empty field still issuing query problem * Changelog: Adds curl to docker image in 5.3.2 * fix: another fix for #13764 , #13793 * Submit query when enabling result viewer * Get query hints per query transaction * docker: adds curl back into the docker image for utility. (#13794) * Explore: query transactions * connected to store, self remove logic * fix: kiosk url fix, fixes #13764 * changelog: add notes about closing #13633 * changelog: add notes about closing #13666 * fix: Text box variables with empty values should not be considered fa??? (#13791) * renaming things * graph legend: review fixes * add debug logging of folder/dashbord permission checks * sync mysql query editor template with postgres * add char as datatype for metric and group columns * build: indentation mistake. * build: fixes filename issues. * fix injecting dependencies to graph legend directive * changelog: adds note for #13669 * docs: update debian installation instructions * stackdriver: some tweaks to the text on the config page and in docs * stackdriver: refactoring request builder * stackdriver: remove not used struct * stackdriver: remove not needed scope * stackdriver: add provisioning example for gce authentication * stackdriver: add documentation for gce default account authentication * stackdriver: change name of authentication type * stackdriver: improve config page info box documentation * stackdriver: prevent backend query from being made when there are not yet any defined targets * stackdriver: fix failing tests * stackdriver: improve error handling * graph legend: fix legend when series are having the same alias * stackdriver: remove not used query file * stackdriver: remove test datasource query. use ensuredefaultproject instead * stackdriver: remove debug comments * stackdriver: improve error handling in the datasource * stackdriver: fix typo * stackdriver: add debug logging * stackdriver: fix broken braces * stackdriver: fix broken condition after rebase * stackdriver: use constant instead of variable * stackdriver: remove debug log * stackdriver: fix failing test * stackdriver: use gce variable * stackdriver: add variable for gce authentication type * stackdriver: get default project from backend. also ensure default project could be retrieved when authentication type is gce * stackdriver: only load default project from backend if it's not available on the target. this might happen when using gce authentication and provisioning * stackdriver: display error message if project name is not present in jwt file * stackdriver: only load project name if it's not already stored in the ds info json * stackdriver: add default value for authentication type * stackdriver: wip - remove debug code * stackdriver: improve ui for toggling authentication type * stackdriver: only get default token from metadata server when applying route * stackdriver: only get default token from metadata server when applying route * stackdriver: make backend query a pure test datasource function * stackdriver: add status code * stackdriver: wip - return metric descriptors in the format of tablew * stackdriver: wip - get metric descriptors in the backend * stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider * stackdriver: wip - add very basic checkbox for gce auto authentication * stackdriver: break out project name resolving into its own function in the stackdriver.go file * stackdriver: wip - temp remove jwt token auth * stackdriver: wip - always use gce default account for stackdriver * stackdriver: wip - add scope and remove debug code * stackdriver: WIP - test retrieving project id from gce metadata * skip jwt token auth if privateKey is empty * fetch token from GCE metadata server * Revert "for development" * for development * graph legend: fix quotes displaying * graph legend: minor refactor * Enterprise crosscompilation (#13783) * component working * graph legend: fix rendering after legend changes * graph legend: refactor, fix another review issues * fix: DataPanel isFirstLoad state fix * Fix click-based selection of typeahead suggestion * ux: remove duplicate placeholder attribute * initial work to add shortcut to toggle legend - generic * scripts/build/publish.go: Fix warning on err variable. * pkg/services/alerting/reader.go: Fix should use for range instead of for { select {} }. * pkg/middleware/middleware.go: Fix empty branch warning. * pkg/plugins/plugins.go: remove ineffective break statement. * fix order for mysql, remove postgres specific code * using react component * Explore: reuse table merge from table panel * graph legend: refactor, move behaviour logic into component * stackdriver: add default project to provisioning documentation * adjust meta data queries for mysql * fix references to postgres datatypes * graph legend: review fixes * changelog: add notes about closing #13667 * changelog: add notes about closing #13718 * fixed gofmt issue after go update * fix cannot receive dingding alert bug * fix: fixed variable srv tests * stackdriver: only add unit to resonse obj if it has a value * make interpolateVariable arrow function * fix: another set of fixes for refresh * fixed issue with template refresh * Fix tslint errors * stackdriver: fix failing tests * stackdriver: make sure unit is not returned to the panel if mapping from stackdriver unit to grafana unit can't be made * Fix variable highlighting * Fixed yarn.lock (previous merge took out integrity) * changelog: add notes about closing #13710 * wip: enterprise docs * allow unit override if cloudwatch response unit is none * Revert "don't overwrite unit if user set" * don't overwrite unit if user set * changelog: add notes about closing #13674 * fix LDAP Grafana admin logic * graph legend: remove unused code * graph legend: refactor * docs: cleanup of how to build for docker. * Review feedback, increased height * changelog: add notes about closing #12342 * update changelog * remove not used file * simplify code * Explore: fix render issues in split view * A list of where to make changes when upgrading Go and Node.js (#13693) * tests * Update PromQueryField tests to address fixed bug * Fix typeahead behaviour for QueryField * permissions: cleanup. * hooked up actions * Explore: Use react-table as table component * created view * docs: installing custom plugins in docker. * Document oauth_auto_login setting * changelog: add notes about closing #13692 * postgres: use arrow function declaration of interpolateVariable * Use closure for calling interpolateVariable * changelog: add notes about closing #12308 * Add socket support for mysql data source * changelog: adds note about closing #12330 and #6696 * remove addpermissions component * cloudwatch: return a distinct list of regions * docs: update cloudwatch iam policy description * removes d in disableResolvedMessage * removed snaps * alerting: tests default value for disable resolve message * re-add hard coded region list * update doc due to client layout change * clean up tests * fix gofmt, add test, correct noted concerns with default value * fix gofmt, add test, correct noted concerns with default value * changelog: add notes about closing #13629 * add encrypt connstr param conditionally on the value chosen via GUI. * graph legend: add color picker (react) * removing datasource permissions states from grafana * update latest.json to latest stable version * update changelog * build: Upgraded nodejs to 8 on appveyor * codestyle * rename UI Option, align with control, update tests * pausing for now * Remove unwanted char * Fix incorrect alt text on logo * return default region list from backend * don't merge hard coded region list * add error message * get regions from after datasource save * show all CloudWatch regions * get region list from ec2:DescribeRegions * fix concurrent map writes * update, don't remove 'Known Issues' docs section. * update provisioning docs. * fix new setting default value handling. * rename new JSON data attrbute. * changelog: add notes about closing #13464 * changelog: add notes about closing #13553 * update changelog * doc(documentation) license * doc(documenation) * add channel option to disable the resolved alert (OK Message) that is sent when condition returns to normal. * Can render graph * Add 'encrypt' setting to MSSQL data source. * rendering settings * build: makes sure publisher.sh is available when deploying. * Fix grammar in log message * changelog: add notes about closing #13641 #13650 * Escape typeahead values in query_part * Escape values in metric segment and sql part * changelog: add notes about closing #13628 * update .bra.toml for using latest bra version * progress on react time series infra * wip: began first steps for a react graph component * various fixes to to queries tab (in react mode) * react panels query processing * react panels: got data * working on react data / query exectution * changed DataPanel from HOC to use render props * fixing unit tests * Removed reference to plugin_api.md (SDK Readme) on the development page as the file that it points to no longer exists. This addresses an open issue on the grafana.org repo * Adding tests * Adding time clockms and clocks * pkg/cmd/grafana-server/main.go: remove os.Kill as it cannot be trapped * changed to plain errors further down the alerting validation model so error did not get double wrapping in ValidationError * alerting: propagate alert validation issues to the user instead of just 'invalid alert data' message * updated gitignore * fix for graph time formating for Last 24h ranges, fixes #13650 * pkg/services/sqlstore/user_auth_test.go: comment unused users slice * fixed a typo * fixed a typo * fix: label values regex for single letter labels * created component for http settings * removes debug log. * make sure to add all variable nodes to dag before linking variables * changelog: adds note for #13607 * updated jest to 23.10 * Adds backend hooks service so extensions can modify index data * fix route issue * removed unused setting variable * minor setting refactorings * renamed extension point in the frontend * updated circleci build-container version * minor change to cloudwatch code formatting * minor ux fix for new select * fmt * grafana/grafana#13340 complete oauth doc * changed property name to UserWasDeleted and added an assert for it * Update check for invalid percentile statistics * pkg/services/alerting/notifiers/telegram.go: check error before close. * pkg/tsdb/*: Fix do not pass a nil Context * devenv: fix influxdb block * docs: refer to v5.3 instead of v5.2 * removed unsused function * docs: stackdriver fixes after review * fix mutability bug, removed unused constructor * stackdriver: check if array is empty to prevent filter from crashing. This closes #13607 * Handle DescriptionPicker's initial state #13425 * stackdriver docs: metric query editor and annotations * Update snapshots after merge * Requests for ds via backend blocked for users without permissions. * Removes unused code. * Remove CTA when CTA-action is clicked instead of a /new route #13471 * Add fancy delete button for ApiKeys. * Add form to both the CTA page and the regular list. * Add onClick handler to CTA. * Updated tests for new protip. * Updated protip, not sure what to write there. * Update tests for ApiKeys CTA screen. * changelog: add notes about closing #13616 * Show CTA if there are no ApiKeys, otherwise show table. * Extract ApiKeyCount from state. * made it possible to have frontend code in symlinked folders that can add routes * Added Loading state on org pages * fix phantomjs render of graph panel when legend as table to the right * changelog: add notes about closing #13172 * add test for es alert when group by has no limit * poc: frontend extensions * added the UserWasRemoved flag to make api aware of what happened to return correct message to UI * Remove user form org now completely removes the user from the system if the user is orphaned * remove tab * bug fix * Update time_series_query.go * changelog: add notes about closing #11711 * add admin page to show enterprise license status * docs: add version notes * tests * Css fix for selected option * User without permission to a datasource won't see it. * Updated test snapshot #13425 * Initialize Explore datasource correctly * Refactors ds permissions to a filter. * Remove the fixed widths and make it possible to pass it in as a prop instead #13425 * User filtering now works properly at the backend #13425 * Removed old code #13425 * Rename css class "gf-form-select2" to "gf-form-select-box" #13425 * Use new class names #13425 * Fixes for the tag filtering in the search #13425 * Start implementing the upgraded react-select in the tag filter box #13425 * fix /api/org/users so that query and limit querystrings works * Bump grafana/build-container to 1.2.0 * Revert "Lock down node version to see if we get rid of the circleci build issue" * Revert "Try to remove circleci cache to see if that solves the build issue" * Try to remove circleci cache to see if that solves the build issue * Generate yarn.lock from older yarn * Revert "Add node version output for debugging" * Add node version output for debugging * Lock down node version to see if we get rid of the circleci build issue * Lock down webpack to 4.19.1 to avoid issue with webpack-cli (https://github.com/webpack/webpack/issues/8082) * Bump react-select to 2.1.0 #13425 * Updated lockfile to get rid of build error #13425 * Add frontend filtering of users in user picker #13425 * Replace $white with a color working in both themes #13425 * Replace System.import() with import() to get rid of warning * Clean up css for react-select v2 #13425 * Upgrade Datasources-picker on Explore page #13425 * Enable trailing on the debounce in the TeamPicker (same as in UserPicker) #13425 * Update typescript notifications #13425 * Update (js-) tests and snapshots for react-select 2 #13425 * Remove variables not used #13425 * wip: Remove code for old react-select component #13425 * wip: The pickers are stateful nowadays, no need to pass in the current value #13425 * wip: Upgrade react-select #13425 * set v5.3 as root docs * disable permissions * whatsnew: adds image for Stackdriver * fixing weird arrow in select * update latest.json to 5.3.0 * changelog: set date for 5.3.0 release * fixing permission rows * changelog: add notes about closing #13575 * enable permissions for data source * Use correct naming convention * Fix typo * Provide more information about what's included in the Stackdriver plugin * changelog: add notes about closing #13575 * cloudwatch: return early if execute query returns error * fix tab switching * add test for automatically unit set * fix crach bug * fix id validation * refactoring after review comments * changelog: adds note for #13559 * added setting top hide plugins in alpha state * wip: fixed issues now things are starting to work as before for angular panels * pausing permissions list * Block graph queries from being queued until annotation datasource promises resolve * Redone with DataSourcePermissions * remove datasource permission admin for now * reverted AddPermissions * Explore: highlight typed text in suggestions * Update provisioning.md (#13572) * stackdriver: update docs, showing how to escape private key and use yaml multiline strings * modified AddPermissions component * set unit for CloudWatch GetMetricStatistics result * Remove duplicate labels in the datasource query * render drag handle only in edit mode * ux: minor update to look of stackdriver query help * changelog: adds note for #13495 * add gopkg.in/square/go-jose.v2 to dependencies, update github.com/hashicorp/yamux * adding permissions component * reverted back and using angular for settings and dashboards * stackdriver: improve filter docs for wildcards and regular expressions * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: add tests from regex matching * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: test build filter string * stackdriver: test that no interpolation is done when there are no wildcards * stackdriver: remove debug logging * stackdriver: add more tests * stackdriver: fix broken substring. also adds tests * stackdriver: remove not necessary helper functions * stackdriver: interpolate stackdriver filter wildcards when asterix is used in filter * stackdriver metric name fix. Fixes #13562 * Fixed nav model * fix for influxdb annotation issue that caused text to be shown twice, fixes #13553 * wip: restoring old angular panel tabs / edit mode * ux: final fixes to new datasource page * Fix text overflow on playlist search #13464 * docs: fix minor typos * ux: more minor ds setting tweaks * ux: more minor ds setting tweaks * ux: tweaks to add datasource page and datasource settings page * Fixed typo in query editor placeholder text. * Explore: do not show default suggestions after expressions * Explore: trigger a query field render to fix highlighting * Explore: compact state URLs * fix gofmt tests output * removed duplicate route * Use size-me to resize explore Graph, added types * algorithm to find new name if it exists * ux: misc react migration fixes and info box style improvement * docs: new variable type text box that allows free text input * docs: annotations tag filter with template variable support * docs: whats new in 5.3 - a few tweaks * mysql: note about connection max lifetime and wait_timeout * Explore: reset typeahead on cursor move * Explore: resize graph on window resize * Fix rate function hint for series with nulls * Extract query hints * Prevent Explore from updating when typing query * Avoid new metrics options being passed selector, made PromField pure * Perf on query field and typeahead * Dont rebuild datasource options on each render * contributing.md * changelog: add notes about closing #13326 * react-2-angular: added generic angular directive loader util that can be used from react * search data source types * mini fix * css: minor fix to search * bump master version to 5.4.0-pre1 * provisioning: adds more logging about failed to deletion of provisioned dashboards * various fixes and improvements * changelog: set date for 5.3.0-beta3 release * build: fix for invalid pathing for release publisher * changlog: adds note about closing #13551 and #13507 * new grid layout add data source * test: updated react snapshot * ux: minor tweak to link * stackdriver: adds missing nginject attribute * docs: better wording and docs links. * Fix issue with updating role permissions #13507 * fixed toggle buttons * dataproxy should forward a trailing slash to proxy * add datasource proxy test to verify trailing slashes are forwarded * centered dashboard icon in search with flexbox * mssql: fix tests * build: automatically publish releases to grafana.com. * updated after pr feedback * pkg/tsdb/postgres/postgres_test.go: pass context.Background() instead of nil * pkg/tsdb/mysql/mysql_test.go: pass context.Background() instead of nil * pkg/tsdb/mssql/mssql_test.go: pass context.Background() instead of nil * adjust mssql tests * pkg/tsdb/elasticsearch/client/client_test.go: pass context.Background() instead of nil * added data source type type * pkg/services/alerting/notifiers/telegram_test.go: pass context.Background() instead of nil * remove generic macros from macros_test and add integration test for generic macros * Revert "Revert "Org users to react"" * Revert "Org users to react" * add postgres test for global macros * add test * stackdriver heatmap support * added slow queries scenario to test data source, added new panel test dashboard with slow queries * Fix "appropriate"-typo * Update configuration doc to include socket at server * move timeFrom, timeTo, unixEpochFrom and unixEpochTo macros to sql_engine * wip: began work on support for testdata tables & annotations support * docs: connection limits for sql datasources * ux: put connection limits under own section * fiddling with validation * changelog: adds note about closing #13492 * view and route * wip: made sqlstore dialect accessable from outside * better comment about state changes * get or create alert notification should use transaction * use notification state id instead of notifier id * merges defaultShouldNotify and ShouldNotify * move version conflict logging for mark as complete to sqlstore package * removed duplicate route * improve local variable name * avoid exporting notificationState and notificationStateSlice * avoid sending full notification state to pending/complete * deleting obsolete things * Make max open, max idle connections and connection max life time configurable * snap * fix after merge from master * rename GetNotificationStateQuery to GetOrCreateNotificationStateQuery * reminder: uses UpdatedAt to track state changes. * snaps * invitees * changed from RFC to PureComponent * devenv: add postgres ha test config example * wip: going in circles * typo in sample.ini * pkg/tsdb/cloudwatch/credentials.go: Remove unnecessary variable assignment * pkg/cmd/grafana-server/main.go: '_ = <-ch' simplified to '<-ch' * pkg/tsdb/stackdriver/stackdriver_test.go: return simplified * Fix megacheck issue unused code. * invites table * Update ldap.md * use alert state changes counter as secondary version * wip: data source permissions hooks * docs: stackdriver version notice. * tests * added default prop instead of specifying prop * filter users in selector based on search * Moved explore helpers to utils/explore * Explore: jump to explore from panels with mixed datasources * functions and tests * cleanup alert_notification_state when deleting alert rules and channels * don't notify if notification state pending * remove unused code * stackdriver: set default view parameter to FULL * stackdriver: no tags for annotations (yet) * stackdriver: add help section for annotations * devenv: enable some debug logging for ha test setup * alert -> ok with reminders enabled should send * stackdriver: revert an accidental commit for text template variable * Added test for url state in Explore * Make Explore a pure component * first crude display * stackdriver: remove metric.category alias pattern * stackdriver: remove commented code * stackdriver: unit test group by and aggregation dropdown changes * stackdriver: make it impossible to select no aggregation when a group by is selected * Explore: Store UI state in URL * stackdriver: add relevant error message for when a user tries to create a template variable * stackdriver: make sure labels are loaded when service is changed in dropdown * stackdriver: change info logging to debug logging * stackdriver: change pattern for annotation to metric.value * stackdriver: add support for bool values * stackdriver: add support for int64 values * stackdriver: use correct default value for alignment period * stackdriver: fix reducer names * fix set sent_at on complete * snaps * noop services poc * implemented general actionbar * handle pending and completed state for alert notifications * stackdriver: fix froamt annotation text for value * stackdriver: make it possible to use point values of type string * No need to get alert notification state in ShouldNotify * using constant * added no datasources added * stackdriver: broadcasting through $scope doesnt work anymore since query_filter_ctrl is now a sibling directive to query_aggregation_ctrl, so broadcasting is now done using $rootScope * wip: test get alert notification state * wip: send and mark as complete * components, test, removed old not used files * wip: impl so that get alertstate also creates it if it does not exist * fix: preloader element issue * Adding AWS Isolated Regions * wip * stackdriver: pattern formatting for annotations * stackdriver: fix alignment period bug * stackdriver: set first metric as selected if no metric could be retrieved from the target * stackdriver: wip annotation support * Compile TS of the whole project to detect type errors * stackdriver: update tests * stackdriver: es6 style directive, avoid using scope * deletez * refactoring: slight changes to PR #13247 * revert rename * stackdriver: fix typescript error * stackdriver: remove not needed alignment option * using constant * stackdriver: extract out filter, metric type directive * stackdriver: add unit tests to resolve unit function * rename to pluginlistitem * fixing types * stackdriver: convert most common stackdriver units to grafana units if possible * sqlstore: add support for checking if error is constraint validation error * rewrote to use react.sfc * explore: fixes to dark theme, fixes #13349 * Remove angular code related to API Keys and point the route to the React component #13411 * Open modal with API key information after key is added #13411 * Add tests for the reducers & selectors for API keys #13411 * Update test-snapshot, remove dead code #13411 * Add tests for ApiKeysPage #13411 * Add "search box" and a "add new" box to the new API Keys page #13411 * Pick up the type from app/types * Pick up the type from app/types * Move User type out of UserPicker and into app/types * wip: Reactify the api keys page #13411 * add support for mysql and postgres unique index error codes * implement sql queries for transactional alert reminders * stackdriver: fix typescript errors * stackdriver: pass interval from panel to backend * stackdriver: remove debug logging * stackdriver: update docs so that they align with alignment period rules in stackdriver gui * stackdriver: update alignment period rules according to stackdriver * stackdriver: set target to be raw query * stackdriver: publish docs to v5.3 (not root) * initial rename refactoring * changelog: adds note about closing #12534 * devenv: grafana high availability (ha) test setup * stackdriver: use more appropriate test data * Add goconst to CircleCI * fix: also set dashboard refresh to false * simplified fix for 12030 * prevent refresh on fixed time window * using more variables * stackdriver: fix broken test * stackdriver: workaround for the fact the jest definitions does not include not * stackdriver: docs update * stackdriver: WIP - implement stackdriver style auto alignment period. also return the used alignment period and display it in the query editor * stackdriver: distinct grafana auto from stackdriver auto in alignment period * stackdriver: use correct name for variable * stackdriver: remove montly from alignment periods * Added constant * tests * stackdriver: add alignemnt period * stackdriver: make sure service and metric display name is used instead of value when loading a saved query editor * alerting: move all notification conditions to defaultShouldNotify * stackdriver: use correct event name * stackdriver: fix broken tests * stackdriver: update aggregation and alignment before refreshing when changing metric * stackdriver: use correct naming convention * stackdriver: get value type and metric kind from metric descriptor instead of from latest metric result * filter NULL values for column value suggestions * changed to first and last child * imguploader: Add support for ECS credential provider for S3 * stackdriver: adds on-change with debounce for alias by field * cli: fix init of bus * Remove .dropdown-menu-open on body click fixes #13409 * stackdriver: improve aggregation logic * stackdriver: fix failing test * stackdriver: wip: split metric dropdown into two parts - resource and metric * first test * stackdriver: remove console.log * filter plugins and layout mode * stackdriver: typescriptifying controller * render list * stackdriver: break out aggretation logic into its own directive and controller. also adds tests for new dropdown population logic * Remove option r from ln command since its not working everywhere * fix: updated tests * using variable * Fix spelling of your and you're * Changed setting to be an alerting setting * created test for graph disclaimer * Remove non-existing css prop * fix: Legend to the right, as table, should follow the width prop. Removing css conflicting with baron's width calculation. #13312 * stackdriver: populate alignment and aggregation dropdowns based on metric type and value type * docs: postgres gif. * limit number of time series show in explore graph * docs: whats new for 5.3 * rendering: Added concurrent rendering limits * stackdriver: fix test after parameter added to constructor * stackdriver: skeleton for more query types on the backend * stackdriver: better error handling for getLabels * stackdriver: move getLabels from query_ctrl to datasource * Run all sql data source queries for one panel concurrently * removed border, cleaned up css and fixed class naming * devenv: fix uid for bulk alert dashboards * Explore: moved code to app/features/explore * target gfdev-prometheus datasource * stackdriver: fix bug when multiple projects connected to service account * devenv: adds script for creating many dashboards with alerts * stackdriver: refactoring - extract out filtersegments component * stackdriver: alias patterns WIP * Fix goconst issues * When stacking graphs, always include the y-offset so that tooltips can render proper values for individual points * provisioning: changed provisioning default update interval from 3 to 10 seconds * Update render.js * Update render.js * Fix https://github.com/grafana/grafana/issues/13387 metric segment options displays after blur * docs: improve oauth generic azure ad instructions * invalidate access token cache after datasource is updated * Fix datbase > database * Fix changed want md5 hash * Revert Fahrenheit to Farenheit * Fix some typos found by codespell * Fix misspell issues * fix: use same User-Agent header as in other places in grafana when making external requests * docs: changed Json Web Token wording to be just JSON key file * added beta notice * created switch button for org users that can toggle between users and invites * pkg/tracing/tracing.go: replace deprecated cfg.New function * stackdriver: remove WIP tests * pkg/services/sqlstore/user.go: empty branch * pkg/tsdb/elasticsearch/response_parser.go: simplify redundant code * pkg/tsdb/elasticsearch/client/search_request.go: simplify loop with append. * Explore: remove closing brace with opening brace * Explore: show series title in tooltip of legend item * Explore: dont rate-hint on rate queries * Explore: Fix metric suggestions when first letters have been typed * Fix misspelled authentication in Auth overview doc * fix reader linux test * resolve symlink on each run * stackdriver: add templating support for metric, filter and group by * wip: panel options idea2 * stackdriver: use group by fields to create default alias * make sure we don't add the slash twice * Update render.js * devenv: fix docker blocks paths * Updated phantomjs render script to take full height screenshots * devenv: re-add missing docker-compose files * Explore: Fix label suggestions for recording rules * Explore: Fix click to filter for recording rule expressions * Don't use unnest in queries for redshift compatibility * pkg/tsdb/elasticsearch/client/client.go: use time.Since instead of time.Now().Sub * pkg/plugins/dashboards_updater.go: Simplify err check * pkg/services/sqlstore/alert_notification.go: Simplify err check * remove the test that does not do anything * add the trailing slash * stackdriver: add custom User-Agent header * stackdriver: remove hardcoding of test project name * updated * set maxworkers 2 for frontend tests * removes codedov refs * disable codecov * add a test * Fix setting test * stackdriver: improve query look * moves /tests to /pkg/plugins * stackdriver: add alignment period to query controller * stackdriver: making sure we dont pass too big alignmentPeriods to the stackdriver api * stackdriver: fix broken tests * stackdriver: adds default value for alignment period * stackdriver: use alignment period that is passed from frontend. if set to auto, use value provided from the panel. also added tests for alignment period * stackdriver: use alignment that is passed from frontend in the query * stackdriver: adds advanced options collapse to query editor with the possibility to select secondary aggregation and alignment * removes testdata from getting started * stackdriver: fix init labels bug * moves benchmark script to devenv * moves docker/ to devenv/docker * changelog: adds note about closing #9735 * docs: add version disclaimer for postgres query editor * moves files from /tests to more appropriate folders * docs: template variable support for annotations * Update getting_started.md * pkg/services/sqlstore: Fix sess.Id is deprecated: use ID instead. (megacheck) * pkg/services/sqlstore: Fix x.Sql is deprecated: use SQL instead. (megacheck) * fix: increased team picker limit to 50, closes #13294 * rename folder * Add documentation for PostgreSQL query builder * stackdriver: improve query editor to handle no data better * stackdriver: fixes in query editor * stackdriver: type rename * display team member labels * new column for team_member table * fix hipchat color code used "no data" notifications * stackdriver: makes sure filter dropdown doesnt crash if clicked before values are loaded * fixes strange gofmt formatting * stackdriver: adds null check to query * gdev: added test dashboard for polystat panel * Explore: Add multiline syntax highlighting to query field * stackdriver: add support for filtering to backend * Hotfix for Explore (empty page after running query) * stackdriver: add filters to query editor * ldap: made minor change to group search, and to docs * stackdriver: fixes remove option in filter * dsproxy: add mutex protection to the token caches * metrics: starts some counters at zero * tech: remove all mobx stuff * stackdriver: wip - filters for query editor * stackdriver: adds remove group by option * stackdriver: improve segments for group bys in query editor * stackdriver: load time series meta data for group by dropdown * stackdriver: make sure distinct labels are returned. also added test * stackdriver: fix failing test * stackdriver: test get metric types * stackdriver: wip - group bys * stackdriver: update logo * stackdriver: ux for config page, docs updated * upload: make the button text configurable * stackdriver: add simple readme * stackdriver: reverse points array to be in ascending order * stackdriver: adds support for primary aggregations * stackdriver: better error handling and show query metadata * stackdriver: tests for parsing api response * stackdriver: add first test for parsing frontend queries * Stackdriver: Fix weird assignment * Stackdriver: Use metric type from query controller state * Stackdriver: Set target correctly * Stackdriver: Break out parse response to its own func * Stackdriver: Use ds_auth_provider in stackdriver. This will make sure the token is renewed when it has exporired * Stackdriver: Restructured ds proxy tests * stackdriver: fix test * Stackdriver: Add new file * Stackdriver: Start breaking out apply route to its own file * Stackdriver: Parsed url params * Stackdriver: Parse datapoints correctly * Stackdriver: Add backed query using * Stackdriver: Prettify json * Stackdriver: Move data to target * Stackdriver: Load example metric and start parsing response * Stackdriver: Exposing stackdriver backend api * Stackdriver: Use new access token API * Stackdriver: Temporary exporting token lookup * Stackdriver: Loads project name and metrics descriptions into the query controller * Stackdriver: Corrected field title and removed debug logging * Stackdriver: Removed debug logging * Stackdriver: Improved feedback for when a JWT is already uploaded in the ds config page * docs: first draft for stackdriver datasource * dsproxy: implements support for plugin routes with jwt file * Stackdriver: Added test for getProjects * Stackdriver: Refactored api call to google resource manager * Stackdriver: Add scope for google resource manager * Stackdriver: Fixed error message from google resource manager * Removes comment * Adds skeleton for loading projects from google resource manager * Adds unit tests to test datasource * Implemented datasource test * Fixed broken if statement * Adds jwt token signing google auth * Improved user experience * Upload: Fixing link function in directive * Adds poc code for retrieving google auth accesstoken * Build new stackdriver frontend script * Add stackdriver backend skeleton * Adds stackdriver frontend skeleton * Use datasource cache for backend tsdb/query endpoint (#13266) * added underline to links in table * fix: add permission fixes * test: added simple dashboard reducer test * feat: dashboard permissions are working * Fix gauge display accuracy for "percent (0.0-1.0)" * use pluginName consistently when upgrading plugins * removes old unused examples (#13260) * fix: added loading screen error scenario (#13256) * changelog: add notes about closing #11555 * Interpolate $__interval in backend for alerting with sql datasources (#13156) * anonymous usage stats for authentication types * disabling internal metrics disables /metric endpoint * wip: dashboard permissions to redux * renames PartialMatch to MatchAny * fix: add folder permission fix * fix: fixed tslint issue introduced in recent prometheus PR merge * Folder pages to redux (#13235) * folder permissions in redux * minor fix * fix test * add annotation option to treat series value as timestamp * wip: first couple of things starting to work * fix: added reducer test * Adhoc-filtering for prometheus dashboards (#13212) * docs: include active directory ldap example and restructure * First pass at a text based template var, getting feedback from devs * fix: url update loop fix (#13243) * wip: working on reducer test * fix: gofmt issues * fix: added loading nav states * redux: moved folders to it's own features folder * fix theme parameter not working problem while prefer theme set to light (#13232) * fix: added type export to fix failing test * fix: fixed typescript test error * mobx -> redux: major progress on folder migration * another circleci fix * Another circleci fix * changed gometalinter to use github master * commented out metalinter as gopkg is having issues * wip: folder settings page to redux progress * Fix prometheus label filtering for comparison queries (#13213) * Upgrade react and enzyme (#13224) * enable partial tag matches for annotations * put folder name under dashboard name, tweaked aliginments in search results * support template variables with multiple values * Teams page replace mobx (#13219) * renames jest files to match new convention * upgrade of typescript and tslint and jest (#13223) * fix nil pointer dereference (#13221) * removes protoc from makefile * wip: folder to redux * changelog: note about closing #11681 * Adding Centrify configuration for Oauth * wip: progress on redux folder store * wip: moving option tabs into viz tab * fix: changing edit / view fullscreen modes now work * actions for group sync * initial render/refresh timing issues * team settings * wip: began folder to redux migration * test for team member selector * flattened team state, tests for TeamMembers * refactor: moved stuff into new features dir manage-dashboards * move: moved styleguide to admin * fix: fixed singlestat test broken due to file move * moved folders from features into the main feature folder they belong to * Add jsonnet with grafonnet-lib to provisioning docs * fix: Dashboard permissions now shows correctly, fixes #13201 * redux: do not use redux logger middleware in production builds * Allow oauth email attribute name to be configurable (#13006) * Document required order for time series queries (#13204) * refactor: changed AlertRuleItem pause action to callback * Fix query builder queries for interval start * team members, bug in fetching team * renaming things in admin * graph legend: use refactored version of scrollbar, #13175 * Teampages page * refactoring: custom scrollbars PR updated, #13175 * scrollbar: use enzyme for tests instead of react-test-renderer * changelog: add notes about closing #13121 * fix code formatting * Fix quoting to handle non-string values * scrollbar refactor: replace HOC by component with children * graph legend: scroll component refactor * scrollbar refactor: replace HOC by component with children * adds usage stats for alert notifiers (#13173) * changelog: typo * docs: what's new in v5.3 placeholder * tests for withScrollBar() wrapper * tests for withScrollBar() wrapper * changelog: restructure and add 5.3.0-beta1 header * changelog: add notes about closing #13157 * wrapper for react-custom-scrollbars component * graph legend: use 'react-custom-scrollbars' for legend scroll * wrapper for react-custom-scrollbars component * docs: sql datasources min time interval * changelog: note about closing #10424 * docs: minor fixes * docs: Updated auth docs * docs: updated * spelling errors * make default values for alerting configurable * Adding Action to view the graph by its public URL. * changelog: order changes by group (ocd) * changelog: add notes about closing #13030 * added radix rule and changed files to follow rule (#13153) * set search query action and tests * docs: default paths in the docker container. * delete team * added only-arrow-functions rule and changed files to follow new rule (#13154) * load teams and store in redux * build: uses 1.1.0 of the build container. * creating types, actions, reducer * Only authenticate logins when password is set (#13147) * refatoring: minor changes to PR #13149 * Add min time interval to mysql and mssql * build: updated build-container with go1.11. * added no-conditional-assignment rule and changed files to follow new rule * fix test failures for timeInterval * document postgres min time interval * Add min time interval to postgres datasource * Changed functions to arrow functions for only-arrow-functions rule. (#13131) * mobx: removed unused SearchStore * fix: Updated test * redux: minor changes to redux thunk actions and use of typings * Reactify sidebar (#13091) * Changed functions to arrow functions for only-arrow-functions rule. * removed unused mobx state * changed functions to arrowfunctions for only-arrow-functions rule (#13127) * fix: fixed home dashboard redirect issue when behind reverse proxy, fixes #12429 (#13135) * tests * Changed functions to arrow functions for only-arrow-functions rule. * improve remote image rendering (#13102) * handle new variables created not yet added * changelog: add notes about closing #10095 * graph legend: implement series toggling and sorting * docs: postgres provisioning * changelog: adds note about closing #13125 * fixed title prefix, fixes #13123 (#13128) * Reopen log files after receiving a SIGHUP signal (#13112) * Fixed a bug in the test and added test for filter alert rules * graph legend: react component refactor * added Bitcoin as a currency option * added new-parens rule (#13119) * cli: avoid rely on response.ContentLength (#13120) * some basic selector tests * fixed testcase * pausing alert * docs: v5.2 upgrade notice, ref #13084 * changelog: add notes about closing #7330 * extend from purecomponent * remove log * actions and reducers for search filter * added rule use-isnan and and updated file to follow new rule (#13117) * added no-namespace and no-reference rules (#13116) * added no-angle-bracket-type-assertion rule and updatet files to follow rule (#13115) * Updated rules for variable name (#13106) * update wording and punctuation (#13113) * redux: improved state handling * redux: progress * wip: load alert rules via redux * refactor: changed nav store to use nav index and selector instead of initNav action * moving things around * Fix array display from url * wip: solid progress on redux -> angular location bridge update * wip: moving things around * wip: moveing things around * wip: redux refactor * pass timerange in meta data queries * ignore information_schema tables * added jsdoc-format rule and fixed files that didn't follow new rule (#13107) * set member-access and no-var-keyword to true, removed public in two files (#13104) * fix: for text flickering in animation on chrome on windows * graph legend: minor refactor * use quoting functions from MysqlQuery in datasource * render query from query builder * graph: make table markup corresponding to standards * graph: legend as React component * wip: redux * redux: wip progress for using redux * fixed so preloader is removed when app is loaded * removed console.log * separated fade-ins for logo and text, tweaked delays and timing for fade-in animations * docs: minor updates, more work to do * ux: minor fixes to loading screen * start implementing mysql query editor as a copy of postgres query editor * reset metric column when changing table * fix timeFilter resetting when changing table * when changing table, refresh panel once after columns have been changed * added pro-tip text, removed pro-tip link * fixed styling for background and text, added intro animation, added fade in to text * fix timecolumn handling when table changes * set default for timeGroup in query builder to $__interval * when changing table reset columns * fix metric column suggestions * fix suggestions for metric column * Return correct path for OpenBSD in cli's returnOsDefault (#13089) * updated changelog * New TV Mode, dashboard toolbar update (layout change & new cycle view mode button) (#13025) * added this:any to functions and changed functions to arrowfunctions * feat: loading css async & inline svg * Explore: keep query when changing datasources (#13042) * changed var to let in 50 files (#13075) * changed var to let in last files (#13087) * tsconfig: started on setting noImplicitThis to true * tsconfig: format file * document postgres version and TimescaleDB option * tslint: added 1 more rule, #12918 * tslint: added 2 more rules and removed unused component, #12918 * tslint: added a new tslint rule * added rule prefer const to tslint (#13071) * dep ensure (#13074) * hide Query Builder button for table panels * check for correct quoting of multiple singlequotes * changed var to const 2 (#13068) * changed var to const (#13061) * update latest.json to latest stable version * docs: corrected docs description for setting * remove min time interval from datasource config * remove unneeded queryOptions * changelog: add notes about 4.6.4 and 5.2.3 releases * fix quoting * strip quotes when auto adding alias * handle quoting properly for table suggestion * link to github instead * recheck timecolumn when changing table * update filter macro on time column change * string formating fixes * go fmt fixes * Moved tooltip icon from input to label #12945 (#13059) * added empty cta to playlist page + hid playlist table when empty (#12841) * changed from rotating to bouncing, maybe to much squash and stretch * Update provisioning.md * make default mode for table panels raw editor * improve description for timescaledb option * Review feedback. * use series matchers to get label name/value * changelog: add notes about closing #12865 * fixed so validation of empty fields works again * added a loading view with a spining grafana logo * fix handling of variable interpolation for IN expresions * tslint: tslint to const fixes part3 (#13036) * tslint: more const fixes (#13035) * tslint: changing vars -> const (#13034) * tslint: autofix of let -> const (#13033) * fix: minor fix to changing type * upgrades to golang 1.11 * wip: angular panels now have similar edit mode and panel type selection enabling quick changing between panel react and angular panel types * add min interval to postgres datasource * wip: major change for refresh and render events flow * fix: going from fullscreen fix * wip: minor fixes * copy and docs update for alert notification reminders * change/add tests for alerting notification reminders * wip: trying to align react & angular edit modes * WIP Update tslint (#12922) * changelog: add notes about closing #12952 #12965 * build: fixes rpm build when using defaults. * docs: reminder notifications update * changelog: add notes about closing #12486 * docs: changes * created a section under administration for authentication, moved ldap guide here, created pages for auth-proxy, oauth, anonymous auth, ldap sync with grafana ee, and overview, moved authentication guides from configuration to, added linksin configuration page to guides * fixed so animation starts as soon as one pushes the button and animation stops if login failed * added link to getting started to all, changed wording * tests: fix missing tests (with .jest suffix) * docs: alerting notification reminders * update copy/ux for configuring alerting notification reminders * heatmap: fix tooltip bug in firefox * fix tableSegment and timeColumnSegment after table suggestion * Update notifications.md * sql: added code migration type * changelog: add notes about closing #11890 * Explore: Apply tab completion suggestion on Enter (#12904) * Show min-width option only for horizontal repeat (#12981) * Fix bulk-dashboards path (#12978) * add suggestions for reminder frequency and change copy * don't write to notification journal when testing notifier/rule * remove unnecessary conversion (metalinter) * fix after merge with master * Refresh query variable when another variable is used in regex field (#12961) * Webpack tapable plugin deprecation (#12960) * unify quoting * dsproxy: interpolate route url * prefill editor with first metric table * only allow 1 filter macro in where clause * fix timeColumnType assignment * make suggested filter macro depend on type * use unixEpochGroup macro for unix timestamp * alerting: inline docs for the slack channel. * Replacing variable interpolation in "All value" value * changelog: add notes about closing #12229 * cleaning up test data * changelog: add notes about closing #12892 * docs: es versions supported * devenv: update sql dashboards * when value in variable changes, identify which variable(s) to update * removed inverse btn styling and added bgColor to generic oauth and grafana.com login buttons, added styling so log in button uses dark theme inverse btn styling both for dark and light theme * suggest operators depending on datatype * Doc - fix title level * Update doc about repeating panels * Doc - fix broken link * build: beta versions no longer tagged as latest. * docs: cleanup. * docs: docker and restarts. * update persisted parts on param change * persist datatype information * Don't do value suggestions for numeric and timestamp * created a class for loading buttons, added a button for when login slow on login page * rename postgres_query.jest.ts to .test.ts * fix variable escaping * autodetect timescaledb when version >= 9.6 * build: duplicate docker run-script removed. * detect postgres version for saved datasources * Set User-Agent header in all proxied datasource requests * use pointer cursor for buttons in query editor * docs: cloudwatch dimensions reference link. * require postgres 9.4+ for ordered set aggregate functions * add postgres version to datasource config * only show first/last aggregate when timescaledb is enabled * keep jsonData in PostgresDatasource * docs: remove message property in response from get alerts http api * changelog: add notes about closing #5623 * build: cleanup * should allow one default datasource per organisation using provisioning * build: fixes rpm verification. * docs: add grafana version note for gitlab oauth * docs: gitlab: add note about more restrictive API scope * social: gitlab_oauth: set user ID in case email changes * docs: document GitLab authentication backend * social: add GitLab authentication backend * build: verifies the rpm packages signatures. * changelog: add notes about closing #12224 * added guide for logging in to grafana for the first and how to add a datasource * docs: update * feat: add auto fit panels to shortcut modal, closes #12768 * changelog: add notes about closing #12680 * docs: update postgres provisioning * Remove dependencies * Rename test files * changelog: add notes about closing #12598 * add version disclaimer for TimescaleDB * document TimescaleDB datasource option * Use variable in newPostgresMacroEngine * Remove Karma scripts and docs * changelog: add notes about closing #10705 * fix: ds_proxy test not initiating header * Don't pass datasource to newPostgresMacroEngine * Remove tests and logs * Fix for Graphite function parameter quoting (#12907) * don't render hidden columns in table panel (#12911) * fix: added missing ini default keys, fixes #12800 (#12912) * refactor timescaledb handling in MacroEngine * change: Set User-Agent to Grafana/%Version% Proxied-DS-Request %DS-Type% in all proxied ds requests * Remove comment * Cleanup * All tests passing * Class to function. Half tests passing * Karma to Jest: graph (refactor) (#12860) * tech: removed js related stuff now that 99% is typescript (#12905) * Add React container * changelog: add notes about closing #12805 * fix redirect to panel when using an outdated dashboard slug (#12901) * Add commit to external stylesheet url (#12902) * build: increase frontend tests timeout without no output * fix: Alerting rendering timeout was 30 seconds, same as alert rule eval timeout, this should be much lower so the rendering timeout does not timeout the rule context, fixes #12151 (#12903) * changelog: add notes about closing #12476 * now hides team header when no teams + fix for list hidden when only one team * Rename to HeatmapRenderer * Mock things * Explore: Fix label filtering for rate queries * add $__unixEpochGroup to mssql datasource * add $__unixEpochGroup to mysql datasource * Add $__unixEpochGroup macro to postgres datasource * changed const members to filteredMembers to trigger get filtered members, changed input value to team.search (#12885) * get timecolumn datatype on timecolumn change * changelog: add notes about closing #12882 * Removes link to deprecated docker image build * Add mocks * fix datatype query * Changelog update * docker: makes it possible to set a specific plugin url. * Add support for $__range_s (#12883) * Refactor setting fillmode * Update dashboard.md * Fix typo * Explore: label selector for logging * Replace element * Rewrite heatmap to class * Explore: still show rate hint if query is complex * Explore: Filter out existing labels in label suggestions * Add note for #12843 * Fix initial state in split explore * replaced with EmptyListCta * Begin conversion * changed messaging * mention time_bucket in timescaledb tooltip * keep legend scroll position when series are toggled (#12845) * replaced confirm delete modal with deleteButton component in teams members list * [wip]added empty list cta to team list, if statement toggles view for when the list is empty or not * Update NOTICE.md * Fix padding for metrics chooser in explore * fix rebase error * revert passing ctrl to testDatasource * change timescaledb to checkbox instead of select * add timescaledb option to postgres datasource * build: fixes png rendering in the docker based docker-image build. * remove duplicated /tmp entry in .dockerignore * move run script, update README * produce an image compatible with grafana-docker * More efficient builds and some fixes to the Go binaries * Simple Docker-based build option * Add example OR search_filter to docs * Explore: expand recording rules for queries * Explore: Query hints for prometheus (#12833) * Convert URL-like text to links in plugins readme * skip target _self to remove full page reload * use uid when linking to dashboards internally in a dashboard * add previous fill mode to query builder * added more info about the teams * removed mock-teams, now gets teams from backend * changelog: add notes about closing #12756 * add api route for retrieving teams of signed in user * devenv: update sql dashboards * team list for profile page + mock teams * changelog: add notes about closing #11270 * Fixing bug in url query reader and added test cases * fix missing * * rename last fillmode to previous * change fillmode from last to previous * return proper payload from api when updating datasource * Review feedback * changelog: update #12768 * Remove window * Fix url param errors * Explore: Metrics chooser for prometheus * Add clear row button * Add clear button to Explore * Explore: show message if queries did not return data * Fix closing parens completion for prometheus queries in Explore (#12810) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * switched to lowercase * replaced escape() call, renamed formatter to be more expressive * Smaller docker image (#12824) * build: failing to push to docker hub fails the build. * Reversed history direction for explore * Explore: Add history to query fields * unix socket docs * Explore: facetting for label completion (#12786) * docs: how to build a docker image. * Remove Karma test * All tests passing * Add mock constructor * Begin conversion * Convert query control * Convert datasource * refactor: take submenu into account PR #12796 * refactor: renaming variables, refactoring PR #12796 * refactor: moving code around a bit, refactoring PR #12796 * Remove weird import * Disable submenu when autopanels is enabled * Extract to own method * Use and add keybard shortcut * Add temporary url parameter * Replace floor with round * Go with just single margin compensation * Add margin and padding compensation * Remove weird import * Fit panels to screen height * dont break default parameters for functions * fix suggestion query * renamed slate unit tests to .jest.ts * Remove simple tests * Support client certificates for LDAP servers * Begin conversion * Add click on explore table cell to add filter to query (#12729) * dont order for aggregate * build: makes it easier to build a local docker container. * add moving average to query builder * adjust frontend test * use $__timeGroupAlias macro * specify grafana version for last fill mode * add fillmode "last" to sql datasource * build: disables external docker build for master and release. * build: complete docker build for master and releases. * build: removes unused args to docker build. * build: imported latest changes from grafana-docker. * build: attach built resources. * build: builds docker image from local grafna tgz. * build: new workflow for PR:s and branches. * docker: inital copy of the grafana-docker files. * changelog: add notes about closing #1823 #12801 * Add auto_assign_org_id to defaults.ini * changelog: add notes about closing #12749 * changelog: add notes about closing #12766 * adjust test dashboards * remove info logging * added two new classes for color, fixed so link has value color * changelog: add notes about closing #12063 * Add new Redshift metrics and dimensions for Cloudwatch datasource * changelog: add notes about closing #12752 * changelog: update * Improve iOS and Windows 10 experience (#12769) * add series override option to hide tooltip (#12378) * changelog: add notes about closing #12785 * removed table-panel-link class * removed table-panel-link class and add a class white to modify table-panel-cell-link class * add warning when switching from raw sql mode * add more prominent button for switching edit mode * document $__timeGroupAlias * add $__timeGroupAlias to mysql and mssql * fix custom variable quoting in sql* query interpolations * add compatibility code to handle pre 5.3 usage * Change to arrow functions * Add all tests to one file * changelog: add notes about closing #12561 * Remove angularMocks * All tests passing * replaced style with class for links * Add $__timeGroupAlias to postgres macros * adjust test dashboards * remove alias from postgres $__timeGroup macro * changelog: add notes about closing #12762 * fix: team email tooltip was not showing * fix: test data api route used old name for test data datasource, fixes #12773 * removed a blank space in div * fixed color for links in colored cells by adding a new variable that sets color: white when cell or row has background-color * changelog: add notes about closing #12300 * Weird execution order for the tests... * fixed test result * added urlescape formatting option * changelog: add notes about closing #12744 * changelog: add notes about closing #12727 * add aws_dx to cloudwatch datasource * also fixed "Watt per square metre" * fixed that missing one * add version note to metric prefix and fix typo * devenv: update sql dashboards * mssql: update tests * fix usage of metric column types so that you don't need to specify metric alias * Begin conversion * changelog: update * changelog: add notes about closing #12747 * Add missing tls_skip_verify_insecure (#12748) * rename special to windows * add first and last support * refactor function handling in query builder * refactor column function handling * consistent nameing fro group and select * mssql: add logo * add tests for metric column prefix to mssql * add metric column prefix test for mysql * document metric column prefix in query editor * document metric column prefix for mysql and mssql * Remove extra mock * Karm to Jest * correct volume unit * Remove lo * Test passing. Remove Karma * adjust metric prefix code to sql engine refactor * add testcase for metric column as prefix * Use metric column as prefix * Fix emit errors * Fix test * Add async/await * refactor schema query generation * removed unused class from the deletebutton pr * frontend part with mock-team-list * Update test for local time * update devenv datasources and dashboards for sql datasources * Begin conversion * use const for rowlimit in sql engine * Cleanup * Remove Karma file * All tests passing * All except one passing * remove tableschema from query builder ui * changelog: add notes about closing #12731 * elasticsearch: support reversed index patterns * update devenv datasources and dashboards for sql datasources * mssql: use new sql engine * mysql: use new sql engine * postgres: use new sql engine * refactor sql engine to make it hold all common code for sql datasources * Pass more tests * Refactor Explore query field (#12643) * Begin conversion * All tests passing. Remove Karma test. * Almost all tests passing * Add tslib to TS compiler * docs: using interval and range variables in prometheus * Two passing tests * Update Configuration.md * Start conversion * changelog: add notes about closing #12533 * changelog: add notes about closing #12668 * changelog: update * changelog: add notes about closing #12668 * fix for typeahead background, increased lighten * added position absolute and some flexbox so I could remov changes in display and setTimeout, added tests and types, did some renaming * fix invalid reference * minor fixes * fix failing test due to time diff issues * Remove comments * remove unneeded comment * Remove old influx stuff * changelog: add notes about closing #12489 * changelog: add notes about closing #12551 * changelog: add notes about closing #12533 * Karma to Jest * Begin conversion * changelog: add notes about closing #12589 * changelog: add notes about closing #12636 #9827 * Remove influx qeury_ctrl jest, as it is already completed * Test fail depending on test order * Karma to Jest: begin influx query_ctrl * Make beautiful * Karma to Jest: completer * Remove comments and Karm test * Karma to Jest * Pass more tests * changelog: add notes about closing #12644 * fix code style * docs: mentation that config changes requires restart. * return 400 if user input error * changing callback fn into arrow functions for correct usage of this (#12673) * Fix requested changes * Add templating docs for * Add docs about global variables in query template variables * Figuring out why it doesn't initialize * Add support for interval in query variable * Add jest file * Change to arrow functions * Add graph_ctrl jest * changelog: add notes about closing #12691 * Update kbn.ts * Add jest test file * Id validation of CloudWatch GetMetricData * Fix timezone issues in test * fix window function query without group by * changelog: adds note for #11487 * add order by to metadata queries * set explicit order for rate and increase * escaping ssl mode on postgres param * fix pre gui queries shortcircuit * Add unit test for InfluxDB datasource * Support timeFilter in templating for InfluxDB * Datasource for Grafana logging platform * removed blue-dark variable with blue-light in light-theme, blue variable now has same value as blue-dark had before, should fix issue with any low contrast issues with blue in light-theme, this made query-blue variable unnecessery removed it, added variable for variable dropdown highlight background * removed import appEvents * built a component for delete button in tables, instead of using a modal to confirm it now does it in the row of the table, created a sass file for the component, the component uses css transitions for animation * fix: postgres/mysql engine cache was not being used, fixes #12636 (#12642) * added: replaces added to grafana * fix: datasource search was not working properly * add groupby when adding first aggregate * docs: minor docs fix * Fix label suggestions in Explore query field * pluginloader: expose flot gauge plugin * alert: add missing test after refactor * Handle query string in storage public_url (#9351) (#12555) * HTTP API documentation +fix when updating a playlist (#12612) * Explore: calculate query interval based on available width * Use url params for explore state * Dont parse empty explore state from url * Fix default browser th font-weight * Adding eval_data to alerts query results * ldap: Make it possible to define Grafana admins via ldap setup, closes #2469 * nginx: update to docker block * minor fix for legacy panels * Remove string casting for template variables in prometheus * ldap: docker block readme update * Make prometheus value formatting more robust * Update README.md * Devenv testdata dashboards (#12615) * fix test for query generation * dont run queries if target has no table set * add query to find metric table * add popover for metric column * rename PostgresQueryBuilder to PostgresMetaQuery * dont expand variables in rawSql * filter datatype for groupby suggestions * fix rate special function when using group by * remove unused import * refactor adding sqlPart * remove render code from sql_part * fix bug in query generation with metricColumn * refactor PostgresQuery * refactor PostgresQueryCtrl * refactor PostgresQueryCtrl and PostgresQuery * refactor addGroupBy and removeGroupByPart * use let for variable declaration * Add templateSrv to PostgresQuery tests * add tests for query generation * Reverted $q to Promise migration in datasource_srv * Allow settting of default org id to auto-assign to (#12401) * Remove unused SASS variables (#12603) * fix: panel embedd scrolbar fix, fixes #12589 (#12595) * fix tests for postgres datasource * Set datasource in deep links to Explore * send timerange with metricFindQuery * Explore Datasource selector * changed you to your (#12590) * indent generated SQL * Add comments * Fix freezing browser when loading plugin * handle counter overflow and resets in rate * partition by metricColumn when using increase * add rate and increase special functions * wip: another baby step, another million to go * skip backend request if extended statistics is invalid. (#12495) * Refactor team pages to react & design change (#12574) * (prometheus) prevent error to use $__interval_ms in query (#12533) * fix: folder picker did not notify parent that the initial folder had been changed, fixes #12543 (#12554) * Add support for skipping variable value in URL, fixes #12174 (#12541) * Update mac.md * Update windows.md * Update rpm.md * Update debian.md * Don't build-all for PRs * Refactor value column SQL generation * Refactor metric column sql generation * fix: requests/sec instead of requets (#12557) * Add folder name to dashboard title (#12545) * Fix css loading in plugins (#12573) * Refactor group by query generation * Refactor where clause generation * refactor SQL generation for value columns * Refactor time column sql generation * Refactor render function on PostgresQuery * prepare sql part for special functions * set query gui as default handle old panels gracefully * Added BurstBalance metric to list of AWS RDS metrics. * dont throw exception for unknown types * Prevent scroll on focus for iframe * add alias when adding group by * Add new sequential color scales * add aggregates when adding group by * add column alias when add aggregate function * move go vet out of scripts and fixing warning (#12552) * fix enter in sql_part_editor * fix editing expression parts * wip: you can now change panel type in edit mode * rename inputBlur to switchToLink * react panels: working on changing type * Cleanup and remove some jest.fn() * fix spelling * add current value to dropdown if its not in resultset * Revert "show current value in dropdown when its not part of list" * Remove irrelevant tests and templateSrv stub * show current value in dropdown when its not part of list * redid redux poc, old branch was to old and caused to many conflicts * wip: redux poc * fix diff and percent_diff (#12515) * improve error message * generate unique id when variable is multi * support GetMetricData * dep ensure * update aws-sdk-go * Update lodash/moment version (#12532) * fix: minor css change * wip: minopr progress on react panel edit infra * Tabs to spaces in tslint (#12529) * wip: minor progres on react panels edit mode * add None to metric column suggestions * handle pre query gui queries gracefully * dont break on panels that dont have rawQuery set * refactor transformToSegments * devenv: updated devenv provision scripts * wip: viz editor started * ux: minor fix/tweak to inactive view mode, think logo should be visible & fixes dashboard title alignment * changelog: add notes about closing #12379 * Fix datasource sorting with template variables * another baby step * changelog: add notes about closing #12484 * changelog: add notes about closing #12506 * rename quoteLiteral to quoteIdentAsLiteral * changelog: add notes about closing #12506 * fix links not updating after changing variables * remove unused function removeSelect * put updateParam back in * fix where clause generation * remove hardcoded $__timeFilter, make macros functional in where clause * remove dead code, make label more flexible * fix constraint removal * react-panels: minor progress on data flow * dont autoquote, suggest quoted values if requried * prometheus heatmap: fix unhandled error when some points are missing * fix caret for help button is ds http settings * do not autoquote identifiers * fix group by ui * changelog: add notes about closing #11618 #11619 * fix where constraint handling * remove dead code from sql_part fix where clause query generation * Add mock to test files * Create new instance in beforeEach * Remove comments * Karma to Jest: Cloudwatch datasource * Karma to Jest: MySQL datasource * Karma to Jest: postgres datasource * Basic cleanup * Add mocks in test file * Remove q and stub * Add Jest stubs * Remove async * Remove logs and comments * Start elastic ds test conversion * run enterprise build only on master for now * refix the settings indentation * update stats admin doc * fix json indentation * include where constraints in query generation * remove unnecessary conversions * rearrange elements of query builder * mv query_part to sql_part * changelog: update * changelog: add notes about closing #11818 * changelog: add notes about closing #12460 * changelog: add notes about closing #8186 * changelog: add notes about closing #12379 * changelog: add notes about closing #12362 * devenv: open ldap docker block now prepopulating data with correct member groups * ci: Only publish grafana enterprise packages tagged with enterprise. * Make table sorting stable when null values exist (#12362) * Fix bar width issue in aligned prometheus queries (#12483) * correct example (#12481) * ldap: improved ldap test env with more structured users and groups * test: fixed usage of wrap in tests. * ci: typo * ci: publishes grafana enterprise to s3. * refactoring: making api wrap public * refactoring: enterprise build/hooks refactorings (#12478) * Karma to Jest: datasource_srv (#12456) * fix: #12461 introduced issues with route registration ordering, adding plugin static routes before plugins package had been initiated (#12474) * omit extra template refresh (#12454) * wip: minor progress on DataPanel * Improve extensions build. (#12461) * [mysql] fix $__timeGroup rounding (#12469) * [mssql] fix $__timeGroup rounding (#12470) * [postgres] fix timeGroup macro rounding (#12468) * pkg/social/github: Allow changing of userinfo data (#12471) * notifications: dont return error if one notifer failed * use sqlPart for ui parts * avoid calling os.Exit outside main.go (#12459) * update mysql/mssql query/annotation help sections * docs: update folders api * Changed documentation for MSSQL and MySQL to reflect macro changes * docs: update scripted dashboard for v5 * docs: update scripted dashboard for v5 * docs: update organisation http api * docs: upd windows installation * notifications: send notifications synchronous * notifications: read without tran, write with tran * registry: adds more comments * registry: adds comments to interfaces * changelog: update * changelog: update * changelog: add notes about closing #12438 * alerting: only log when screenshot been uploaded * fixes typos * Reverted yarn.lock to master * Used PostgreSQL TSDB as a model the set up the __timeFilter, __timeFrom, and __timeTo macros for Microsoft SQL and MySQL * changelog: add notes about closing #12444 * Revert "auth proxy: use real ip when validating white listed ip's" * changelog: adds note for #11892 * changelog: add notes about closing #12430 * fix footer css issue * Karma to Jest: 3 test files (#12414) * fix: log close/flush was done too early, before server shutdown log message was called, fixes #12438 * react panels wip * Karma to Jest: value_select_dropdown (#12435) * support passing api token in Basic auth password (#12416) * Add disabled styles for checked checkbox (#12422) * changelog: add notes about closing #11920 * changelog: add notes about closing #11920 * changelog: update * docs: upd what's new in v5.2 * docs: update index with link to what's new in 5.2 instead of 5.0 * wip: react panels editor mode, tabs working * changelog: add notes about closing #12385 * react panels wip * feat: panels v2, metrics-tab loading * docs: upd what's new in v5.2 * docs: upd what's new in v5.2 * login: fix layout issues * build: yarn should be included out of the box on circle ci * notifier: handle known error first * ensure that if the dasboardID is negative, it will not bypass the checking of the right (#12398) * changelog: add notes about closing #11968 * Webpack 4 (WIP) (#12098) * Make pre/postfix coloring checkboxes inactive when gauge is active * removes unused return object * handle "dn" ldap attribute more gracefully (#12385) * Update ROADMAP.md * Fix typo * Switched MySQL and MSSQL macros for timeFilter and related to use BETWEEN and calculate UNIX time server side instead of database side. Fixes #11618 #11619 * docs: update installation instructions * routing: raise panic if duplicate routes are added * routing: allows routes to be added to existing groups * changelog: add notes about closing #11868 * enhance error message if phantomjs executable is not found * fix: annnotation api & sql issue * changelog: add notes about closing #12248 * set correct text in drop down when variable is present in url using key/values * Light improve of massive delete annotation api (#12390) * Fix 12248 * Fixing wrong /public path, relative to the webpack.dev script, that would avoid webpack from cleaning previous builds. (#12351) * changelog: add notes about closing #12383 * changelog: adds note about closing #12313 * Return a 404 when deleting a datasource through the API if it doesn't exist and add a test for it to confirm #12313 * Set $rootScope in DatasourceSrv * Add options to colorize prefix and postfix in singlestat * devenv: adds dashboard with multiple rows * changelog: adds note about closing #10971 * Pass configured/auth headers to a Datasource. * Karma to Jest: history_ctrl. .gitingore: .vs/ * changelog: add notes about closing #12359 * build: fix signing of multiple rpm packages * docs: what's new in v5.2 and docker installation updates * tech: adds comments about route register code * changelog: add notes about closing issue * Karma to Jest: history_ctrl. Update version: ts-jest * changelog: add notes about 5.2.0-beta2 * changelog: add notes about closing #12240 * changelog: add notes about closing #12256 * changelog: add notes about closing #11792 * changelog: add notes about closing #12315 * dashboard: fix drop down links * wip: react panels, query editor loading from react PanelEditor view * fix regressions after save modal changes of not storing time and variables per default * wip: react panel minor progrss * updated * Karma to Jest: history_srv (#12341) * react panels minor progress * make sure to process panels in collapsed rows when exporting dashboard * changelog: add notes about closing #3132 * docs: update installation instructions * react panel minor progress * ldap: add note about config in Grafana * ldap: add note to dockerfile * changelog: add notes about closing #12343 * docs: Plugin review guidelines and datasource auth pages * remove unused argument in default scenario of guardian test * fix: fixed permission issue with api key with viewer role in dashboards with default permissions * wip: react panel makeover mini progress * Karma to Jest: time_srv (#12303) * Karma to Jest: team_details_ctrl (#12321) * Fix error in InfluxDB query * expose functions to use sessions * changelog: adds note about closing #11607 * test commit for checking github permissions * changelog: add notes about closing #12278 * changelog: add notes about closing #11076 * snapshot: copy correct props when creating a snapshot * added comment to reason the id tag * set current org when adding/removing user to org * changelog: add notes about closing #10707 * Include the vendor directory when copying source in to Docker (#12305) * changelog: adds note about closing #12199 * adds tests for journaling sql operations * use epoch to compare timestamp * adds inTransactionCtx that calls inTransactionWithRetryCtx * merge create user handlers * transactions: start sessions and transactions at the same place * adds info about eval/reminder interval * tests for defaultShouldNotify * cloudwatch: handle invalid time range * notifications: make journaling ctx aware * make sure to use real ip when validating white listed ip's * Adding Cloudwatch AWS/AppSync metrics and dimensions * notifications: gather actions in one transaction * changelog: adds note about closing #12286 * sql: adds tests for InTransaction * bus: noop should still execute fn * removes unused code * bus: Dispatch now passes empty ctx if handler require it * bus: dont start transaction when creating session * bus: dont mix ctx/classic handlers * bus: DispatchCtx can now invoke any handler * refactoring: renamed AddCtxHandler to AddHandlerCtx PR #12203 * refactoring: transaction manager PR #12203 * fixes typo in code * check if admin exists or create one in one transaction * replace begin/end with wrapper function * bus: support multiple dispatch in one transaction * docs: adds info about grafana-dev container * changelog: add notes about closing #12282 * Added Litre/min and milliLitre/min in Flow (#12282) * remove papaparse dependency * list name is deleteDatasources, not delete_datasources * remove internal influx ifql datasource * Document the endpoint for deleting an org * tests: rewrite into table tests * influxdb: adds mode func to backend * Fix queryfield wrapper css * Fix Queryfield metrics field missing * batch DOM reads from query field typeahead * hint support for typeahead * Make suggestions an object * Trigger typeahead on Ctrl-Space * refactor Explore query field * changelog: add notes about closing #11484 * changelog: add notes about closing #11233 * Remove import * Fix PR feedback * Removed papaparse from external plugin exports * Karma to Jest: query_builder * dsproxy: move http client variable back * Karma to Jest: threshold_mapper * Expose react and slate to external plugins * Karma to Jest: threshold_manager * Karma to Jest: query_def, index_pattern * Remove import * Karma to Jest: elastic_response * changelog: notes about closing #12189 * #11607 corrected file cleanup test * #11607 removed unnecessary conversion (from gometalinter) * Improve test readability * #11607 fixed formatting * #11607 Cleanup time of temporary files is now configurable * moved link icon in panel header * Karma to Jest: playlist_edit_ctrl * Karma to Jest: exporter * Update graphite.md * changelog: add notes about closing #10796 * added id tag to Panels for html bookmarking on longer Dashboards * dashboard import to folder: minor fixes * Docs: output location from build script * Correct Provisioning documentation link * dsproxy: allow multiple access tokens per datasource * Mock core in jest-setup * Docs: Update Build from Source * Convert tests from Karma to Jest * changelog: add notes about closing #11963 * save-modal save button (#12047) * Karma to Jest: graph-tooltip * removed QueryOptionsCtrl references * update latest.json to 5.1.3 * use ng-if * hot-fix ifql testdatasource() * triggers grafana-docker master build * changed som variables to values so it's the same for dark and light theme, added special styling for login text, link and input (#12196) * mattn/go-sqlite3 v1.6.0 to v1.7.0 * changelog: add notes about closing #11074 * fixed so panel title doesn't wrap and (#12142) * graph: fix legend decimals precision calculation * Use Passive eventListener for 'wheel' (#12106) * removes more unused code * removes unused code * nicer collapsed row behaviour (#12186) * remove DashboardRowCtrl (#12187) * add panel on enter * autoFocus the search filter * adds missing return statement * Fix typo: eleasticsearch -> elasticsearch (#12184) * Annotations support for ifql datasource * dashboard: improve import UX for non-editor users * Template variable support for ifql datasource * Use cut to trim down the SHA1. * show import menu in sidenav, dashboard search and manage dashboards page * Fix metrics panel test by adding config mock * Respect explore settings in config ini * Add .html to webpack.hot resolve extensions * Version the tarball uploaded to s3 and tell the next step about it. * dashboard: import into current folder from manage folder page * dashboard: add Import button to manage page * dashboard: import to folder * Query helpers for IFQL datasource * alerting: fixes broken table rename * docs: docker secrets available in v5.2.0 * Remove round-robin urls in ifql DS * IFQL range variable expansion * alerting: renames journal table to alert_notification_journal * alerting: move queries from evalcontext to notifier base * alerting: invert sendOnce to sendReminder * changelog: add notes about closing #11657 * alerting: remove zero units from duration * alerting: only check frequency when not send once * always show server admin link in sidenav if grafana admin * update google auth config docs * changelog: add notes about closing #11525 * fix: fixed problem with expanding access mode help in ds settings * dep: use master branch for plugin model * alerting: fixes invalid error handling * fixed so default is all and general only show dashboards * changelog: add notes about closing #11882 * added s to folderId in params * renamed variable in tests * added comment, variableChange -> variableValueChange * added a test * added if to check if new variable has been added * Gravatar fallback does not respect 'AppSubUrl'-setting (#12149) * change admin password after first login * changelog: adds note about closing #11958 * revert: reverted singlestat panel position change PR #12004 * Revert "provisioning: turn relative symlinked path into absolut paths" * provisioning: turn relative symlinked path into absolut paths * changelog: adds note about closing #11670 * elasticsearch: sort bucket keys to fix issue wth response parser tests * docs: what's new in v5.2 * made folder text smaller * Implement code review changes * Bug fix for repeated alerting even on OK state and add notification_journal cleanup when alert resolves * Fix tests * Fix multiple bugs * Revert changes post code review and move them to notification page * Feature for repeated alerting in grafana * InfluxDB IFQL datasource * changelog: add notes about closing #11167 * docs: docker secrets support. (#12141) * alerting: show alerts for user with Viewer role * datasource: added option no-direct-access to ds-http-settings diretive, closes #12138 * provisioning: adds fallback if evalsymlink/abs fails * tests: uses different paths depending on os * renames intervalSeconds to updateIntervalSeconds * changelog: add notes about closing #5893 * removed italic * changelog: add notes about closing #11500, #8168, #6541 * Alert panel filters (#11712) * docs: update alerting docs with alerting support for elasticsearch * added span with folder title that is shown for recently and starred, created a new class for folder title * provisioning: makes the interval for polling for changes configurable * provisioning: only update dashboard if hash of json changed * remove dead code * elasticsearch: minor refactor * changelog: update * changelog: add notes about closing #10748, #8805 * save modal ux improvements (#11822) * changelog: add notes about closing #11515 * provisioning: only provision if json file is newer then db * Guard /explore by editor role on the backend * make path absolute before following symlink * provisioning: follow symlinked folders * test: fixes broken test on windows * changelog: add notes about closing #11771 * changelog: add notes about closing #11971 * Fix singlestat threshold tooltip (#12109) * build: only runs db related tests on db. * build: integration testing postegres on ci. * build: mysql integration testing on ci. * Fix karma tests that rely on MetricsPanelCtrl * changelog: Second epochs are now correctly converted to ms. * Fix panel menu test * Restrict Explore UI to Editor and Admin roles * Fix CSS to hide grid controls in fullscreen/low-activity views * changelog: add notes about closing #11645 * Support InfluxDB count distinct aggregation (#11658) * provisioning: enable relative path's * changelog: note about closing #11858 * devenv: improve readme * provisioning: place testfiles within testdata folder * changelog: add notes about closing #11494 * Add new regions to handleGetRegions function (#12082) * PR: minor change to PR #12004 before merge * fix: refactoring PR #11996 and fixing issue #11551 16706hashkey in json editors * devenv: script for setting up default datasources * tech: updated react-grid-layout to latest official release, closes #12100 * Fix cache busting for systemjs imports for plugins * devenv: scripts for generating many unique dashboards * docker: new block for elasticsearch6 * changelog: add notes about closing #12087 * sql: seconds epochs are now correctly converted to ms. * add validation of uid when importing dashboards * fix: add track by name in annotation list to avoid $$hashKey in json * changelog: adds note about closing #9703 * go fmt fixes * configure proxy environments for Transport property * Show create dashboard link if at least editor in one folder * graphite: avoid dtracing headers in direct mode * Fix sourcemaps for webpack hot config * return better error message when err is ErrSmtpNotEnabled * elasticsearch: handle if alert query contains template variable * changelog: adds note about closing #9847 * Sparklines should scale to the data range (#12010) * Split webpack dev config into dev and hot * Upgrade webpack loaders (#12081) * pin versions of xorm to resolve sql tests * build: fixes broken path for bra run * use sql builder for the get system stats sql query * fix directly specified variable rendering * remove unused function renderAdhocFilters * send param in callback for get-param-options * Fix #9847 Add a generic signout_redirect_url to enable oauth logout * make separator configurable * fix error message * Changed Prometheus interval-alignment to cover whole panel range * alerting: refactor tests * add usage stats for datasource access mode * Review feedback (heading, typos) * add additional usage stats metrics * add tests for sending usage stats * Integrated dark theme for explore UI * elasticsearch: adds some more/better debug logging to client * changelog: fix broken link to contributor * changelog: adds note about closing #11788 * The old code for centering removed * Backend image rendering as plugin (#11966) * Fix typo in README.md * build: updates publisher to support arm archs for deb and rpm. * Explore split view * Fixed custom dates for react timepicker * Explore: Design integration * Explore: time selector * Fix dashboard snapshot deletion (#12025) * fix names of foreign arch packages * elasticsearch: handle NaN values * elasticsearch: metric and pipeline agg setting json encoding fix * elasticsearch: query interval override fix * elasticsearch: default interval fix * Document table row merge for multiple queries * elasticsearch: pipeline aggregation fix for json encoding * build: always build for all platforms. * fix: remove deadcode to make gometalinter happy * elasticsearch: refactor query handling and use new es simple client * elasticsearch: new simple client for communicating with elasticsearch * elasticsearch: refactor and cleanup * build: removes deploy from nightly while testing it. * update provisioning.md * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * build: clean up the workflow filters. * Revert "Conditionally select a field to return in ResponseParser for InfluxDB" * Revert "Fix ResponseParser for InfluxDB to return only string values" * Revert "move queryTimeout option to common setting" * move queryTimeout option to common setting * add query timeout option for Prometheus * build: crosscompilation for nightlies and releases. * set style for registered query components * make param wrapper configurable * fix metric column when using group by * separate label in template from type * use sql part component * use sql part component * add sql_part component * Singlestat value: vertical alignment fix * Added Swiss franc currency * quote column name in buildValueQuery * return values quotes for suggestions in where expression * test: moves test files to testdata folder * build: downloads and bundles phantomjs for darwin and windows. * build: publisher updated to support more architectures and OSs. * build: saves artifacts with the build * build: crossplatform build with packages. * build: script for tagging and pushing a release * codespell: fixes * fix: fixed some minor startup logging issues * Sqlstore refactor (#11908) * Adds constant description for units * test: increase expire time to avoid tz issues in tests * explore: fixes #11953 * migrated files to ts, removed unused functions from lodash_extended * docs: installation pages for 5.1.3 * changelog: add note for #11830 * legend: fixes Firefox/baron scroll bug * wrote classes * migrated jquery.flot.events to ts * use canMakeEditable * allow to add annotation for non editable dashboard * scroll: temporary fix for double scrollbar issue * backend plugins: log an error if parsing meta field failed * backend plugins: expose meta field * fixes following first code review * add useful note to alerting api docs * improve alerting api docs sample responses * Prometheus step alignment: shift interval only on jitter * Use babel and hot loader only in yarn start * docs: removes notes about beeing introduced in 5.0 * lock caniuse-db version to resolve phantomjs rendering issue * Update dashboard_permissions.md * move database-specific code into dialects (#11884) * refactor: tracing service refactoring (#11907) * fix typo in getLdapAttrN (#11898) * docs: update installation instructions targeting v5.1.2 stable * changelog: add notes about closing #11862, #11656 * Fix dependencies on Node v10 * Update dashboard.md * changelog: add notes about closing #10338 * Phantom render.js is incorrectly retrieving number of active panels (#11100) * singlestat: render time of last point based on dashboard timezone (#11425) * Fix for #10078: symbol "&" is not escaped (#10137) * Add alpha color channel support for graph bars (#10956) * interpolate 'field' again in Elasticsearch terms queries (#10026) * Templating : return __empty__ value when all value return nothing to prevent elasticsearch syntaxe error (#9701) * http_server: All files in public/build have now a huge max-age (#11536) * fix: ldap unit test * only error log when err is not nil * rename alerting engine to service * case-insensitive LDAP group comparison (#9926) * changelog: add notes about closing #11813 * docs: updated changelog * fix XSS vulnerabilities in dashboard links (#11813) * PR: ux changes to #11528 * renames alerting engine to match other services * allow analytics.js to be cached, enable anonymizeIP setting (#11656) * Revert "Add baron scrollbar to a node managed by gafana (#11850)" * decrease length of auth_id column in user_auth table * fixed svg background (#11848) * Add baron scrollbar to a node managed by gafana (#11850) * Fix CSS asset loading for yarn start (HMR) (#11855) * fix: fixed gometalinter issues with Discord PR * docs: update installation instructions targeting v5.1.1 stable * fix root_url in docs & comments (#11819) * changelog: 5.1.1 update * fix: loading of css url (images/fonts) * Support for local Docker builds * Update ROADMAP.md * support additional fields in authproxy (#11661) * better handling for special chars in db config (#11662) * Fix/improved csv output (#11740) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * Remove preceding `/` from public JS path (#11804) * Add panel scrolling docs (#11826) * escape pipe symbol same way as in templating docs * changelog: add notes about closing #11616 * added left:unset to counter left:0 in recent react-select release * fixed text color in light theme * changelog: add notes about closing #11800 * test if default variable interpolation is effective when no specific format is specified * changelog: notes about closing #11690 * changelog: add notes for ##11754, #11758, #11710 * scroll: remove firefox scrollbars * Add missing items to Gopkg.lock * pipe escape try #3 * use ascii code for pipe symbol to not mess up markdown table * try to fix table * dont shadow format passed in as function parameter * fix: removed manully added http server from inject graph as it is now a self registered service * fix: removed unused channel * fix: comment spell fix * fix: fixed race condition between http.Server ListenAndServe & Shutdown, now service crash during startup correctly closes http server every time * refactoring: lots of refactoring around server shutdown flows, making sure process is terminated when background service has crashed * refactor: provisioning service refactoring * Metrics package now follows new service interface & registration (#11787) * Revert "Opportunities to unindent code (unindent)" * scroll: fix scrolling on mobile Chrome (#11710) * changelog: add notes about closing #11625 * remove jest it.only to not skip important tests * fixed so all buttons are styled not just small ones, fixes #11616 * --amend * fix: improved handling of http server shutdown * add test for prometheus table column title * Fix url encoding, expand template vars, fix TS hacks * Explore: Add entry to panel menu to jump to Explore * changelog: notes about closing #11498 * Initial Baby Step to refactoring settings from global vars to instance (#11777) * table: fix for padding * graph histogram: fix invisible highest value bucket * dashboard: show save as button if can edit and has edit permission to folders * new property for current user indicating if edit permissions in folders * increase length of auth_id column in user_auth table * fix dropdown typeahead issue * Use opportunities to unindent code (unindent) * Outdent code after if block that ends with return (golint) * Remove redundancy in variable declarations (golint) * fix: minor fix to plugin service shut down flow * appveyor: uppercase the C drive in go path * docs: further documents changes to the docker image. (#11763) * disable ent build to avoid slowing down build speed * Explore: add support for multiple queries * Fixed settings default and explore path * Refactoring PluginManager to be a self registering service (#11755) * fix: removed log calls used while troubleshooting * refactor: refactoring notification service to use new service registry hooks * Enable Grafana extensions at build time. (#11752) * revert renaming of unit key ppm * fix to match table column name and order * Import and typescript fixups * Settings to enable Explore UI * tech: removes unused code * Explore WIP * add deadcode linter to circleci * pkg: fix deadcode issues * build.go: fix deadcode issues * docs: update current version to 5.1 * docs: update installation instructions targeting v5.1.0 stable * changelog: update for v5.1.0 * fix so that google analytics script are cached * prometheus: convert metric find query tests to jest * prometheus: fix variable query to fallback correctly to series query * removed height 100% from panel-container to fix ie11 panel edit mode * replaced border hack carot with fontawesome carot fixes #11677 * dev: Mac compatible prometheus block. (#11718) * mssql: fix value columns conversion to float when using timeseries query * postgres: fix value columns conversion to float when using timeseries query * mysql: fix value columns conversion to float when using timeseries query * sql datasource: extract common logic for converting value column to float * added pointer to show more, reset values on new query * docs: add known issues section for mssql documentation * force GET for metadataRequests, w/ test * Renamed helperRequest and removed positional args * Move function calls w/ side-effects to componentDidMount * changed test name and dashboardMock code * fixed test * add ineffassign to circleci gometalinter check * pkg/components: fix ineffassign issues * pkg/cmd: fix ineffassign issues * pkg/log: fix ineffassign issues * pkg/services: fix ineffassign issues * removed import config * fixed so user who can edit dashboard can edit row, fixes #11466 * Fixes signing of packages. * db: fix failing user auth tests for postgres * changed rps to reqps * bump version * added button to show more preview values for variables, button runs a function that increases options limit, fixes #11508 * Added requests/sec(throughput) * use inherited property from api when rendering permissions * return inherited property for permissions * pkg/tsdb: fix ineffassign isues * fix circleci gometalinter test * Sort results from GetDashboardTags * Add silent option to backend requests * docs: escape asterisk in Graphite docs * docs: disable quoting option for MSSQL * docs: fix example for graphite tag query * docs: spelling * docs: add missing backtick for mysql/postgres * docs: fixes for table in variable docs * build: fixes release deploy * changelog: adds releaste date for 5.1.0-beta1 * graphite: convert ds test to jest * build: removes gometalinter * cli: adds os and arch headers * slightly better example * adjust timeFilter, timeFrom and timeTo macro examples * docs: what's new improvements * docs: what's new improvements * docs: what's new * docs: fix typos * docs: what's new * docs: whats new * docs: more info prometheus heapmap to whats new * docs: improve what's new in v5.1 * docs: what's new in v5.1 draft * Add weback-dev-server with hot/hmr support * build: only lint the pkg folder * changelog: adds note about closing #11476 * dev: only build server with bra run * add gometalinter to circleci * comment unused struct fields * remove unused variables detected by varcheck * fix typo * docs: describes variable formatting options * docs: graphite template variables for tag queries * docs: describes new variable formatting syntax * changelog: notes about closing #10427 * move jest test file to specs * make add panel panel scrollbar adjust when panel/dashboard grid are resized * style: code simplifications * build: introduce -dev flag optimal for building in development mode * changed copied message and added forced render for width change * removed padding and moved carrot * changelog: adds note about closing #11613 and #11602 * cleanup, make sure users are always synced with ldap * Specify expected encoding for access/secret key * make sure user's default org is kept up to date * fix: sign in link should have target self to trigger full page reload, fixes #11626 * codespell: exclude by words instead of files * remove old comment * org role sync tests * refactor authproxy & ldap integration, address comments * pass DN in ldap test * tests for user auth module * fix ldap test * restructure GetUserByAuthInfo * error handling * use Result in GetAuthInfoQuery * switch to passing ReqContext as a property * cleanup * switch to Result * update auth proxy * fixes * fix tests * shared library for managing external user accounts * fix: Label font weight should be semi bold, fixes #11629 * docs: typos * graphite: adds tests for tags and tag_values functions * docs: update provisioning documentation * changelog: notes about closing #10883 * changelog: adds note for #11553 * dev: only build server with bra run * changelog: adds note for #11173 * added forceupdate to grid item so addpanel items rezie instantly, renamed function to copyPanel, fixed panel items height issue * revert changes of add panel button to require save permission * changelog: fix typo * changelog: notes about closing #11572 * Fix issues with metric reporting (#11518) * changelog: notes about closing #10747 * fix: Row state is now ignored when looking for dashboard changes (#11608) * disable codecov comments * add some more sort order asserts for permissions store tests * Revert "build: remove code cov" * Revert "removes codecov from frontend tests" * docs: update postgres macro functions documentation * tsdb: update query and annotation editor help texts for postgres * changelog: notes about closing #11578 * calculate datetime for timeFrom and timeTo macro in go * set default for sslmode to verify-full in postgres datasource editor (#11615) * add some more sort order asserts for permissions store tests * Use sort.Strings() (gosimple) * Remove unused return value assignment (gosimple) * Remove unnecessary fmt.Sprintf() calls (gosimple) * Merge variable declaration with assignment (gosimple) * Use fmt.Errorf() (gosimple) * Simplify make() (gosimple) * Use raw strings to avoid double escapes (gosimple) * Simplify if expression (gosimple) * Simplify comparison to bool constant (gosimple) * Simplify error returns (gosimple) * Remove redundant break statements (gosimple) * fix unconvert issues * variable: fix binding bug after ts conversion * add GetFromAsTimeUTC and GetToAsTimeUTC and use them in timeFilter macro * fix merge conflict * remove changes to module.ts from this branch * migrated dropdown-typeahead to ts (#11499) * changelog: adds note for #11556 * changelog: adds note for #11133 * dashboard: better size and alignment of settings icons * bra should use the proper build script * moved version in help menu to top * docs: elasticsearch and influxdb docs for group by time interval option (#11609) * changelog: improved docker image * docs: new docker image in Grafana 5.1.0. * added fix for test * addeds test for sort order * Show Grafana version and build in Help menu * changlelog: notes about closing issues/pr's * sqlds: fix text in comments for tests * add codespell to circleci * removes codecov from front-end tests * wip: writing tests for permission sorting * changelog: adds note about closing #11228 * remove postgresversion and convert unix timestamp in go * Support deleting empty playlist * Grafana-CLI: mention the plugins directory is not writable on failure * make timefilter macro aware of pg version * add postgresVersion to postgres settings * changelog: adds note for #11530 * Documentation spelling fix * docs: fix codespell issues * public: fix codespell issues * conf: fix codespell issues * blocks: fix codespell issues * CHANGELOG.md: fix codespell issues * scripts: fix codespell issues * pkg: fix codespell issues * provisioned dashboard validation should be made when importing a dashboard * provisioned dashboard validation should not be made from provisioning service * remove comment/unused variable * docs: improves provisoning example for postgres * docs: add mssql provisioning example * docs: improves provisoning example for each datasource * ordered user orgs alphabeticaly fixes #11556 * permissions sorting fixed + icon same size as avatrs * docs: update mssql with azure sql database support * changelog: adds note for #11569 * docs: update default annotation limit when querying api * Mention the ?inactive parameter in the docs * Add another URL param ??inactive?? which works like ??kiosk?? but with title * tsdb: remove unnecessary type casts in sql data sources macro engines * tsdb: sql data sources should handle time ranges before epoch start correctly * change annotation limit from 10 to 100 * remove mistakenly added styles * fix right side legend rendering in phantomjs * scrollbar: fix so no overflow for legend under graph * build: remove code cov * scrollbar: fixes continuation scrolling for iOS * added styling to fontawesome icons so they have same size as the other icons * Improve wording * Add minimal IAM policy example for CloudWatch data source * PR comments * docs: fix typo of default port for mssql * minor scrollbar fixes * scrollbar: remove unused div * dashboard: show baron scrollbar in dashboard panel when mouse is over * fix so that page scrollbars can be scrolled by keyboard on page load * fix so that dash list panel are rendered correctly * panel: add baron scroller to correct element * Windows build updated to go1.10. * scrollbar: use native scroll for page * converted functions to arrow functions * folders: fix permissions in folder picker component * permission: fix user with org viewer save/move permissions * alerting: handle invalid json format * docker: change mysql container so that it uses utc * mysql: use a datetime column with microsecond precision in test * tsdb: improved floating point support when converting sql time column to epoch (ms) * added @ngInject * provisioning: dont override permissions * provisioning: simplify db query * mssql: fix precision for time columns in time series query mode * postgres: support running multiple postgres integration tests * postgres: fix precision for time columns in time series query mode * mysql: fix precision for time columns in time series query mode * mysql: mysql tests should use a db server with UTC * provisioning: fixes broken tests * tsdb: add support for more data types when converting sql time column to epoch (ms) * provisioning: check provisiong before saveCmd * provisioning: fixes typo * provisioning: adds error handling * added @ngInject * playlist: add missing nginject attribute * Update annotations.md to contain correct annotations api path * removed console.log * docs: update after #11531 * docs: improves provisoning example text * fix test * convert graphite epoch to ms * skip mssql fix * add mssql and mysql * don't convert to uint64 * scrollbar: fix phantomjs rendering error * prevent angular from evaluating {{hostname}} in tooltip (#11514) * using millis for annotations too * data source: rename direct/proxy access mode in data source settings * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * docs: fixes typo * docs: updated debian distro in install docs to stretch, closes #11527 * Revert files * Fix after merge * Make dashboard JSON editable * guardian: when updating permissions should verify existing permissions * api: allow authenticated users to search current org users and teams * css: quick fix after IE11 changes * scrollbar: fix add panel height bug * scrollbar: styles cleanup * migrating to ts * fixed sidemenu icon issue created by earlier pr * added icons for viewer and editor, fixed add permission team avatar * singlestat: Fix optimization in setTableColumnToSensibleDefault * influxdb: Check before assuming first column to be 'time' * provisioning: fix tests for save provisioned dashboard modal * provisioning: ux fixes when saving provisioned dashboards * graphite: use a query when testing data source * migrated metric_segment to ts * scrollbar: fix search scroller in mobile view * scrollbar: fix graph legend height * changelog: adds note for #11165 * migrated dash_class to ts * migrated segment_srv to ts * removed indent for manage dashboards * scrollbar: fix potential memory leaks in event handlers * skip migration if it is a big number * Use curly brackets around hyperlink help text #11478 (#11479) * scrollbar: fix dashboard width updating for different modes * scrollbar: remove perfect-scrollbar and add baron to package list * scrollbar: fix dashboard width bug * scrollbar: fix 'legendScrollbar.destroy is not a function' error * Alerting: Fixing mobile notifications in Microsoft Teams * created closeDropdown function, renamed appevent, added second appevent for open timepicker * permissions: return user and team avatar in folder permissions api * permission: generate team avatar url with default * migrated playlist-routes to ts * migrated last all.js to ts * scrollbar: fix Firefox scroll position restore * Notes for closing #7119 * changelog: adds note for #11128 * variables: adds test for variable sorting * Add case-insensitive sort for variables. * graphite: fixes #11434 * settings: fixes test * changed from margin to padding * fixes for avatar on adding permission and size for gicon * scrollbar: fix side menu on mobile devices * changed variable for tabbed close btn hover, and changed text-strong variable for lighttheme, removed commented out variable * mssql: typos in help sections * docs: spelling * added if to onAppevent, renamed appevent, add appevent to applyCustom and setRelativeFilter * Webpack Grafana plugin template project to links (#11457) * scrollbar: fix Firefox issue (white stripe on the right of scrollbar) * scrollbar: fix legend rendering issues * Initially move to baron scrollbar * rm panel.type constrain from threshold_mapper.ts (#11448) * No need for node_modules/bin in npm run-script (#11449) * changelog: adds note about closing #11555 * add article * fix some typos * docker: add users and groups to ldap block * timepicker now closes without exiting edit/view mode, close order: modal, timepicker, view * migrated graph_tooltip to ts * started migration to ts * Fix #10555 #6888 Better escape for Prometheus variables * bounnd the esc key to exit timepicker * print to stderr since logger might not exist * settings: return error instead of ignoring it * docs: adds provisioning examples for all datasources * Fixed typo in upgrading.md * docs: rpm install page - update to centos 7 * docs: install pages for v5.0.4 * removed padding for icons and added margin * changelog: another update for v5.0.4 * changelog: update for v5.0.4 * changelog: adds note about closing issues * fixed graphpanel editmode and custom width for right side legend for IE11 * alerting: bad default state for notifiers * Clarified formatting multiple values doc * Add Google Hangouts Chat notifier. * dashboard: allow alerts to be saved for new/provisioned dashboards * add response_parser test * add fallback for gravatar in org/admin view * tech: migrates to none deprecated mail lib * docs: not about email notifications and local img store * alert: fixes broken link back to grafana * docs: update table plugin documentation with value/range to text mapping * cleanup and add more test * table panel: additional fixes for value to text mapping * add value to text mapping * provisioning: better description for provisioned save modal * dashboards: reject updates of provisioned dashboards * notes about closing #9210 * fixed alignment in search + fixed issue ie popup * changelog: adds note about closing #11102 * sidemenu fix for internet explorer 11, changed icon width/height to pixels and added height to logo * docs: prometheus ds, remove "new in v4.3" note * remove categories from queryPart * fix a terms bug and add test * remove unused import * handle aggregate functions more generic * Add new currency - Czech koruna * docs: update heatmap and prometheus docs, #10009 * provisioning: improve UX when saving provisioned dashboards * styled login page for ie11 * - pipeline aggs support - add some test * support non-nested menu entries * provisioning: removes id from dashboard.json * Handle Interval Date Format similar to the JS variant https://github.com/grafana/grafana/pull/10343/commits/7e14e272fa37df5b4d412 c16845d1e525711f726 * Use net.SplitHostPort to support IPv6 * add missing word to graphite docs * set right series name * Missed the 'p d' hint in the popup-menu * Add hints for the 'pd' Duplicate Panel command from PR #11264 * remove README changes * finished CODING PHASE 1 * wip * notes about closing #11306 * cleanup * changelog: unix socket permissions * Adjust permissions of unix socket * docs: fix typos * docs: update postgres, mysql and mssql documentation * docs: update graph panel documentation * docs: tweaks * changelog: adds note about closing #5855 * remove dashboardId check... i can't figure out how the tests work * get circle to run tests again * add dashboardId to test * remove api tests * fix operator * remove constraint from sqlstore * move dashboard error to API (not sql) * legend: small refactoring * changelog: adds note about closing #11278 * docs: spelling * docs: add intro paragraph to provisioning page * Cleanup CircleCI V2 Conversion * Make golint happier * dooh * update the updated column! * using circle as my tester * using circle as my tester * adding tests, but they arent running locally * changelog: notes for #1271 and #2740 * graph: minor fixes to y-axes alignment feature * added save icon to save buttons * removed trash can icon from save buttons * mysql: skip tests by default * Return actual user ID in UserProfileDTO * convert epoch to milliseconds * adding updated column * mssql: update query editor help * mysql: fix precision for the time column in table/annotation query mode * postgres: fix precision for the time column in table/annotation query mode * mssql: fix precision for the time column in table/annotation query mode * mssql: remove UTC conversion in macro functions * mssql: fix timeGroup macro so that it properly creates correct groups * small screen legend right also work like legend under in render + set scrollbar to undefined in destroyScrollbar so it doesnt become disabled when toggeling between right and under * dashboard version cleanup: more tests and refactor * Make golint happier * fixed so legend right works like legend under on small screens * adding created column * Alerting: move getNewState to EvalContext * minor refactor of dashboard version cleanup * refactor: dashboard version cleanup * limit number of rows deleted by dashboard version cleanup * fix dashboard version cleanup on large datasets * docs: add variable regex examples (#11327) * graphite: adds more traces for alerting * sql datasource: extract common logic for converting time column to epoch time in ms * docs: details about provisioning elastic * update email default year and name * dataproxy: adds dashboardid and panelid as tags * Alerting: Add retry mechanism and its unitests * docs: spelling * snapshot: fix legend rendering bug * session: update defaults for ConnMaxLifetime * snapshots: removes errors for empty values in ViewStore * Allocated to a separate alignment block. Replaced the attribute of the second axis by the attribute of the axes. * Expose option to disable snippets * changed var to const, changed to string interpolation * mssql: adds test for time should be ms in table mode * Remove unused kibana images * changed var to const * changelog: adds note about closing #11114 & #11086 * mssql: convert tests to jest * mssql: fix precision for time column in table mode * converted file to ts * changelog: notes about #10093 and #11298 * dashboard: fix phantomjs panel rendering in collapsed row * Fixed unit test. * Changed the way this feature was activated. And changed tolltip. * Added validation of input parameters. * converted file to ts * docs: update using mssql in grafana * fix: only run gofmt on pkg directory omitting vendor directory * fix: dep ensure. now without gofmt on ventor directory * mssql: add integration test to verify stored procedure usage * mssql: encrypt password in database * mssql: remove dynamic construction of metric column and other columns * docker: pin microsoft/mssql-server-linux to 2017-CU4 tag * docs: improve guide for high availability * fix: only run gofmt on pkg directory omitting vendor directory * test * mssql: cleanup and minor refactor * mssql: allow host without port and fallback to default port 1433 * docker: update test dashboard for mssql tests * mssql: cleanup and minor changes * Missed thanks in changelog * Adds pagerduty api update to changelog. * mssql: update readme * mssql: update test dashboard * docs: Using Microsoft SQL Server in Grafana * mssql: remove logos for now * docs: mssql documentation will go into another branch targeting next minor version * Updated roadmap for 5.1 * Minor format changes * Changed Swedish and Icelandic currency * fix failed tests for dashboard view state * dashboard: fix rendering link to panel in collapsed row * docs: update install docs for 5.0.3 * changelog: 5.0.3 * mssql: add alternative logo without text * mssql: strip inkscape from logo * mssql: minor improvements of query editor help * mssql: skip rendering of mssql logos until we have a valid logo * docker: add test dashboard for mssql tests based on test data generated by integration test * mssql: additional integration tests * mssql: support money, smallmoney and decimal data types * mssql: update plugin.json, added description and name MSSQL -> Microsft SQL Server * added indent to dashboards inside folder in search dropdown, and added indent to dashboard icon in search item * session: fork Macaron mysql session middleware * database: expose SetConnMaxLifetime as config setting * database: fixes after xorm update * database: update xorm to v0.6.4 and xorm core to v0.5.7 * prometheus editor: variable autocomplete support (PR #9988) * made a keyboard shortcut to duplicate panel * docs: update mssql documentation * mssql: disable mssql integration tests per default * mssql: timeGroup fill support added. * mssql: add timeGroup integration test * alertmanager: /Creating/Sending/ * mssql: adds fill to timeGroup macro. * allow any database for influx proxy * remove * alertmanager: handle resolved alerts, nodata, and execution errors * add regex search of username and password in urls, which are replaced by strings.Replace * notitfiers: avoid ShouldNotify duplication * fix merge error * alertmanager: if there are no alerts to send, do nothing * docker: change port for prom random data scrape target * mssql datasource: wip * docker: mssql and mssql tests blocks with common build context * fix lint problems * fix lint problems * fix lint problems * read aggregate functions from database * add buildAggregateQuery * Update README.md * docker: fake-data-gen:latest updates * Resolved conflict * docs: more details about slack notifier * properly handle IN queries * docs: updates latest release for docs * changelog: improve description of closed issues * renderer: avoid redirect render requests * changelog: adds notes about 5.0.2 * dashboard: fix import dashboard with alert rule * middleware: recover and retry on session start * alerting: supports extracting alerts from collapsed panels * join multivalue variables with , * revert special handling for IN * put values for IN in parens * dont quote where constraints * docker: add test dashboard for mssql for visualizing data generated by fake-data-gen * add regex operators * mssql datasource: support for timeGroup macro function * Added Kilopascals(kPa) under pressure * Added W/m2(energy) and l/h(flow) * folders: should be possible to browse folder using only uid * remove unused setting * dashboards: should be possible to browse dashboard using only uid * mssql datasource: additional data type tests * docker: add mssql block * Added icon for iOS web app * changelog: add note about closing #8151 * alerting: adds back the link to grafana. * Fix CI * Modify Grafana Pagerduty notifier to use Pagerduty API V2 * graph: minor refactor of histogram mode PR #8613 * changelog: adds note about closing #11220 * style: dont expose func outside package * teams: removes quota on route * changelog: adds note about closing #11143 * changelog: adds note about closing #11107 * Second to HH:mm:ss formatter (#11105) * changelog: adds note about closing #10009 * docs: fix an outdated link to Prometheus's doc * Added concentration units and "Normal cubic metre" * Corrected work for graphs created before this feature. * Replaced array values to variables yLeft and yRight for easy reading code. * Rename test file according module name. * prometheus: fix bug introduced by #9859 (httpMethod is undefined) * prometheus: add tests for heatmap mode * prometheus: datasource refactor * Fix urls in plugin update_checker logs * changelog: adds note about closing #10029 * docs: add team api link from http api reference page * added test for sorting and filtering * changelog: adds note about closing #9859 * Refactoring * set default value of httpMethod * support POST for query and query_range * cleanup where segment handling * remove limit * handle variables in where constraints * Adding Timeticks unit * properly quote where constraint parts * quote schema and table * docs: minor fix for dashboard http api documentation * build: cleanup * build: removes custom work dir in deploy. * build: upgrades build pipeline from CircleCI 1.0 -> 2.0 (#11162) * github: test new issue tempalte * dev: update dev prometheus2 to 2.2.0 * changelog: adds note about closing #10925 * docs: update latest to 5.0.1 * push 5.0.1 to package cloud * changelog: adds release date for 5.0.1 * bump master build to 5.1.0-pre1 * move quota to dedicated service * Fix indent * docker: add prometheus/example-golang-random to docker-compose blocks * Fix the code to match the documentation. * rename Context to ReqContext * fix, set default highResolution setting * changelog: note about closing #11145 and #11127 * docs: adds note about closing #10632 * removes commented code * removes unused variables * upgrade to go 1.10 * alerting: fixes validation error when saving alerts in dash * add csv templating format * docs: note about closing #11046 * docs: adds note about #10942 * heatmap: add explanation of Time series buckets mode * Add color to prefix and postfix in singlestat * replaced if with classNames * heatmap: able to set upper/lower bucket bound manually * heatmap: refactor * added media breakpoint to legend-right * Documentation: path "~/go" to "$GOPATH" * Update ROADMAP.md * add panel to list now copy, started on jest * docs: improves docs for alert rules * heatmap: fix Y axis and tooltip decimals and units issues * Append test to check not zero level. * Add bs-tooltip to Y-Align element. * move Context and session out of middleware * only use jwt token if it contains an email address * scrolling: faster wheelspeed * docs: improves provisioning description * changelog: adds note about closing #10975. * changelog: adds note about closing #7107 * changelog: adds note about closing #11103 * changed background for mobile menu background on light theme, increased font size in and added border-right in menu * heatmap: fix tooltip count and bucket bound format * alerting: Limits telegram captions to 200 chars. * changelog: note about closing #11097 * hide row actions for viewers * fixes invalid link to profile pic when gravatar is disabled * changelog: adds note about closing #11016 * fix: restores white resize handle for panels, fixes #11103 * changelog: adds note about closing #11063 * fix typo in heatmap rendering.ts (#11101) * docs: add v5.1 to versions * docs: fill for mysql/postgres * ignore iteration property when checking for unsaved changes * changelog: notes for #11055 and #9487 * use net/url to generate postgres connection url * made drop-menu into link * heatmap: sort series before converting to heatmap. * use metricColumn in query builder * set rawSQL when rendering query builder query * fix group by column * clean up aggregation functions * fix variable interpolation * rename field to column * Fix Prometheus 2.0 stats (#11048) * docs: removed beta notice in whats new article * remove spaces around arguments of macros * remove spaces around arguments before calling macro expansion * docs: update current version to 5.0 * docs: update install pages for v5.0.0 * update version to 5.0.1-pre1 * changelog update for 5.0.0 stable * Add metrics that triggered alert to description * build: updated version * heatmap: hide unused Y axis controls for tsbuckets mode * heatmap: format numeric tick labels in tsbuckets mode * heatmap: add rendering tests for tsbuckets mode * Fix Github OAuth not working with private Organizations (#11028) * login: hide sign up if configured so. Fixes #11041 * permissions: fix validation of permissions before update * dashboard: add permission check for diff api route * permissions: remove client validation and handle server validation * dashboards: change dashboard/folder permission error messages * dashboards: handle new guardian error responses and update tests * folders: handle new guardian error responses and add tests * dashboards: don't allow override of permissions with a lower precedence * Alerting: Fix OK state doesn't show up in Microsoft Teams (#11032) * grammar fix, add dir, and remove redundant info * heatmap: use series names as top or bottom bounds, depends of datasource * heatmap: refactor * heatmap: add few tests for histogram converter * fix: changed react-grid-layout to use grafana fork to a commit before https://github.com/STRML/react-grid-layout/commit/15503084fb7b0af826427c8c0 706901e5745a39f, this fixes all the panel movement bugs, fixes #10831 * heatmap: fix Y bucket size calculation for 'tsbuckets' mode * gave scroll-canvas-dashboard 100% height in kiosk-mode, fixes #11010 (#11017) * docs: update to install pages for beta5 * changelog: update for v5.0.0-beta5 * added admin icon and permission member definitions(role,team,user) * build: update to version 5.0.0-beta5 * [doc] Fix extra alerting options in installation->configuration * yarn: update lock file with tarball change * build: use tarball instead of git commit for tether drop * improve maintainability * docs: fix type in datasource http api * docs: adds accesskey and secret to securejsonfields * support [[variable:type]] syntax * offer template variables for tags * feature for issue #9911 * Added radiation units * docs: update shortcut docs * dashboards: remove non-supported keyboard shortcuts for delete/collapse row * dashboards: fix keyboard shortcut for expand/collapse rows * dashboards: fix keyboard shortcut for remove panel * snapshots: fixes cleanup of old snapshots * docs: minor folder http api changes * Update ROADMAP.md * Update ROADMAP.md * heatmap: fix bucket labels shift * heatmap tooltip: fix bucket bounds for 'tsbuckets' mode * heatmap tooltip: fix count decimals * heatmap: fix tooltip histogram for 'tsbuckets' mode * heatmap: use buckets from histogram with 'tsbuckets' mode * dashboards: created/updated and createdby/updatedby should be set before save * Add unit tests. * Refactoring code * Fix save as dashboard from folder to General folder (#10988) * changed name of copy tab to paste * added no copies div * prometheus: tests for heatmap format * dashboards: cleanup * folders: use folder api for retrieving folder * dashboards: fix batch dashboard/folder delete response * fix: elasticsearch terms size now allows custom values again, fixes #10124 * added highlighter, fixed setState and changed back flex to spacea around * folders: fix create folder in folder picker * added tabs and searchfilter to addpanel, fixes#10427 * snapshots: change to snapshot list query * prometheus: initial heatmap support * docs: update http api index * docs: dashboard and folder permissions http api * docs: folder http api * permissions: use updated api endpoint for dashboard permissions * fix typos in api, acl to permissions * folders: rename folder_acl in api to folder_permission * dashboards: change api route for dashboard permissions * folders: fix typo * folders: extend folder service tests * dev: docker-compose setup for prom2. * folders: folder api tests * fix: scrollbar position now to max right pos, fixes #10982 * Fixes for heatmap panel in Grafana 5 (#10973) * docs: updated cloudwatch docs add dimension filter as a option for dimension_values query. * folders: folder permissions api tests * dashboards: make fake dashboard guardian available to other packages * fix: added new known data source plugins, and minor migration fix for v1 dashboards * folders: folder permission api routes * folders: fix api error mapping * folders: basic integration tests for folders * folders: use new folder service in folder api routes * folders: new folder service for managing folders * dashboards: created date should be set when creating a folder/dashboard * fix: fixes to signup flow, fixes #9816 * Refactoring code. Change Y-Zero to Y-Level. * fix: fixed github oauth login with allowed orgs filter, fixes #10964, reverts #10851 * fix: plugin dashboard did not get plugin id after import * feat(ldap): Allow use of DN in user attribute filter (#3132) * added scroll to org list modal (#10960) * added an if to check for null to sort null as 0 (#10961) * fix: alert history list now shows on graphs with manually added annotation events, fixes #10968 * provisioning: dont ignore sample yaml files * docs: updated for changelog and docs with beta4 * Correct typo in DashboardInputMissingError * build: updated build version to v5.0-beta4 * graph: added 0.5 point radius option * Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900) * influxdb: escape backslashes in tag values (for alerting) * [elasticsearch] Allow nested fields for annotation source (#10936) * changed m3 and dm3 to fixedUnit, fixes #10920 (#10944) * migrate panels in collapsed rows (#10948) * Share zero between Y axis. * Add hook processRange to flot plugin. * login: migration fix. * login: uses epochs for login throtting. * fix: fixed redirect after save, fixes #10946 * fix: esc key now closes panel edit/view mode as usual, fixes #10945 * docs: updated to beta3 * alerts: refactoring tests * alerting: pausing alerts modifies updated. * test: added integration test for #10941 * refactoring: alert rule query refactoring (#10941) * updated version to v5-beta3 * db: reduce name column size in dashboard_provisoning * teams: adds some validation to the API * docs: status code changes for Team API * docker: add test dashboards for mysql and postgres for visualizing data generated by fake-data-gen * cli: download latest dependency by default * Revert "removes dependencies install for plugins" * migrate minSpan (#10924) * Close modal with esc (#10929) * repeat row: fix panels placement bug (#10932) * docs: team API. Closes #10832 * Update sample.ini * Update ldap.toml * Update ldap.md * Minor typo fix * plugins: update meta data for all core plugins * alert notifiers: better error messages. * support cloudwatch high resolution query * chore: adds comment for exported function * updated download links * docs: Updated changelog * updated package.json version * fix: more phantomjs fixes * fix: refactoring #10922 * Fix phantomjs legend rendering issue, #10526 * mark redirect_to cookie as http only * dashboard: whitelist allowed chars for uid * updates readmes for mysql and postgres (#10913) * Set default threshold axis to 'left' for panels created before this feature. * provisioning: adds setting to disable dashboard deletes * tech: dont print error message on 500 page * removes dependencies install for plugins * tests: makes sure we all migrations are working * provisioning: uses unix epoch timestamps. (#10907) * improve error message for invalid/unknown datatypes (#10834) * add AWS/States Rekognition (#10890) * Dashboard acl query fixes (#10909) * wip: dashboard acl ux2, #10747 * permissions: refactoring of acl api and query * bug: return correct err message * initial fixes for dashboard permission acl list query, fixes #10864 * provisioing: always skip sample.yaml files * provisioning: handle nil configs * sql: removes locale from test to mirror prod. * adds tests that validate that updated is correct * provisioning: code formating * provisioning: adds logs about deprecated config format * provisioning: support camelcase for dashboards configs * provisioning: support camcelCase provisioning files * API Integration Tests via jest (#10899) * ux: refactoring #10884 * Invalid url in docs * Duplicate typo fixed * add 13-24 for min width (#10891) * sass/base: import from current dir in _fonts.scss (#10894) * fix: removed logging * fix: sql search permissions filter fix * provisioning: Warns the user when uid or title is re-used. (#10892) * Minor typo fix * new dashboard is now hidden from viewer, fixes #10815 (#10854) * fixed bg gradient, fixes #10869 (#10875) * login: fix broken reset password form (#10881) * moved div in code * added buttons and text to empty dashboard list * docs: spelling. * docs: update dashboard permissions http api docs * Cloudwatch dimension_values add dimension filter. * dashboard: always make sure dashboard exist in dashboard acl http api (#10856) * Fix #10823 (#10851) * provisioning: better variable naming * ux: minor tweak to grid resize handle color * teams: use orgId in all team and team member operations (#10862) * permissions: might have a solution for search * Fixes for graphite tags editor (#10861) * fix: clear items list before fetching permissions list * provisioning: dont return error unless you want to cancel all operations * provisioning: createWalkFn doesnt have to be attached to the filereader anymore * provisioning: update sample config to use path * provisioning: avoid caching and use updated field from db * update README.md regarding running tests * update README.md regarding running tests * docs: minor docs update * docs: updated docs landing page * provisioning: delete dashboards before insert/update * user picker should only include users from current org (#10845) * Correct code style. * db test: allow use of env variable for database engine to run tests for * dashboard and folder search with permissions * provisioning: fixed bug in saving dashboards. * dashboard: fix delete of folder from folder settings tab. * append test to thresholds on right axis * Update logic for create/update dashboard, validation and plugin dashboard links (#10809) * added width class to add member choose (#10835) * add where constraint handling * add query_builder * docs: adds uid to dashboard.json reference docs * Fix #7107 * fix: initial fix for #10822 * fix: folder redirect after creation * dashfolders: fixes #10820 * fix: fixed bug with redirect after new dashboard saved, related to buggy angularjs location path/url and base href, fixes #10817 * docs: describe uid for dashboard provisioning * fix: removed old shortcut that does not exist, fixes #10802 * build: fixed recovery test * fix: css fix, found a better way to fix #10772 * fix: minor build fix * fix: error handling now displays page correctly, fixes #10777 * heatmap tooltip: minor refactor * fix: changed dashboard title length to match slug length, will fix mysql index size issue, fixes #10779 * docs: added graphite section * docs: minor update * graph panel: fix csv export (series as col) (#10769) * org-switcher: should redirect to home page (#10782) * embedded panel: hide side menu during init (#10788) * docs: update http api for api index, dashboard, folder and dashboard search * scroll: css for #10722 * dashlist: scroll fix when no header * docs: video fix * Update changelog with deprecation notes of http api * redirect "permission denied" requests to "/" (#10773) * docs: fix * scroll: use wheelpropagation. Ref #10772 * docs: update dashboard model, persistent urls and api changes in what's new in v5 * docs: fix download link * docs: minor update * docs: adds http api dashboard permissions * docs: updated whats new * docs: update dashboard model, new url structure and api changes in what's new in v5 * build: updated publish script * docs: update docs with download links * build: increased version to beta1 * fix: fixed permission list caching issue, fixes #10750 * Stale permissions (#10768) * adds unique index for org_id+folder_id+title on dashboards (#10766) * docs: fix links in HTTP API Reference page * dashboards: render correct link for folder when searching for dashboards (#10763) * fix panel menu caret placement (#10759) * permissions: fix link to folder from permissions list * dashboard: fix loading of snapshot and scripted dashboard (#10755) * changes to new urlformat for home dashboard (#10738) * fix: alert list links did not work, changed dashboardUri to Url, this is breaking api change in alert api (#10756) * docs: typos and wording. * ux: hide sidemenu in kiosk mode, and while playlist is playing, fixes #107402 * dashboard: fix redirect of legacy dashboard url's * make metricColumn functional * add metric column selector * docs: add spaces to timeseries example * fix: restored tags to search * fix frontend validation for creating new folder and import dashboard (#10737) * #10724 Fix whitespace * poc: merge sync * #10724 Fix finding the x bucket * docs: dashboard provisioning * handle new error message * removes uid when using 'save as' * dashfolders: rename Root folder to General. Closes #10692 * Light theme icon color (#10730) * folders: use new folder api in frontend * folders: changes and updated tests after merging permissions and new url structure * folders: rename api files * dashboards: revert logic of returning 404 in dashboard api if it's a folder for now * db: fix failing integration tests for mysql and postgresql * docs: add examples for dashboard permissions * Update search datasource by name API path * fix for dashboard/folder url's when having a sub path in root_url config * ux: added max width to dashboard settings views * add gofmt as precommit hook * dashfolders: adds test for permission store * dashfolders: adds permission modal to dashboard settings * register handler for get dashboards by slug * make it easier for dashboards to generate ur; * changes dashboard url in alertlist * alert: use new url format * Improve logging in the phantomjs renderer (#10697) * route params from angular to view store should be updated on routeChangeSuccess * repeat panel: process repeats when row is expanding (#10712) * folders: changes needed due to merge * docs: removed section with session table sql, that is not needed anymore * ux: fix for responsive breakpoints and solo mode showing sidemenu * support multiple histogram series * docs: moved whats new article to master * ux: fixed issue with zoom on graph caused scroll, fixes #10696 * dashboard: refactor logic for retrieving url for folder/dashboard * update text, fix a few typos * dashboards: update dashboard/folder url if browser url is not the same as from backend * dashboards: when restoring a dashboard to an older version, set current uid * dashboards: fix updating folder so that correct url is returned * dashboards: remove slug property in dashboard search responses * folders: change the front end route for browsing folders * dashboards: add validation to delete dashboard by slug * dashboards: new route for deleting dashboards by uid * plugins: return table with empty rows array insteaf of nil * retry uid generation * fix: use replace when redirecting to new url * ux: Change input width of UserPicker and TeamPicker in AddPermissions component #10676 * viewstore: fix test after merge * tests: Add TeamPicker test and update TeamPicker/UserPicker snapshots so they match the latest classNames update #10676 * dashfolders: fix for folder picker * ux: Add an optional className to the UserPicker and TeamPicker #10676 * dashfolders: fixes #10671. Allow Editors default access to Root. * docs: added redirect from old provision page, #10691 * tests: Move tests from Permissions to AddPermissions #10676 * tests: Update tests in PermissionsStore and rem out the Permissions-tests for now #10676 * docs: added permissions page and updated folder docs * dashfolders: text change * dashfolders: special case for folders in root * add groupby to querybuilder remove unused aggregations * gofmt... * spelling * Verifies requirement of id in dashboards. * ux: POC - Update "Add permissions" design and add a fancy animation #10676 * ensure dashboard title is unique in folder * docs: Remove obsolete Ansible rule (#10689) * docs: Fix outdated provisioning link (#10690) * Renamed "Period" to "Min period" in CloudWatch query editor (#10665) * created cta-bg variable and changed bg color on light theme (#10693) * Repeat panels when row is expanding (#10679) * dashboards: make scripted dashboards work using the old legacy urls * dashboards: redirect from old url used to load dashboard to new url * docs: updated whats new * playlist: fixes #10254 * dashboards: add new default frontend route for rendering a dashboard panel * alerting: small refactoring * dashfolders: POC - Use separate component for "Add permission" #10676 * removes uniqnes check on slug when saving dashboards * Drops unique index orgid_slug from dashboards. * plugins: return empty tables array insteaf of nil * url: fix for boolean querystring parameters * moved icon (#10681) * docs: updated whatsnew * docs: progress on whats new article * docs: updated version * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * dashboards: fix links to recently viewed and starred dashboards * dashboards: use new *url* prop from dashboard search for linking to dashboards * dashboards: when saving dashboard redirect if url changes * dashboards: add new default frontend route for loading a dashboard * dashboards: return url in response to save dashboard. #7883 * dashboards: ensure that uid is returned from getSaveModelClone * alertlist: disable pause button when user does not have permission * dashboards: revert adding api for retrieving uid by slug * util: remove retry logic in shortid_generator * dashboards: add url property to dashboard meta and search api responses * dashboards: api for retrieving uid by slug. #7883 * dashboards: add support for retrieving a dashboard by uid * dashboard: change unique index for uid to include org_id * dashboards: return uid in response to creating/updating a dashboard. #7883 * dashboards: extract short uid generator to util package. #7883 * dashboard: fix failing test. #7883 * dashboard: generate and include uid in dashboard model. #7883 * db: add migrations for creating a unique index for uid. #7883 * db: add migrations for generating uid for existing dashboards. #7883 * db: add new column uid to the dashboard table. #7883 * enhance render function * add postgres_query.ts * moved icon (#10681) * dashfolders: remove inline styles * fixed width of images and removed gifs and fixed text a bit in search * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * new gifs for search * docs: adds more info about whats new in v5 * docs: updated versions.json * alerting: add permission check in api for pausing alerts * query builder changes * dashfolders: adds comment for dashboard api tests * more query builder components * docs: added versions file * dashfolders: adds comment for dashboard acl test * api: extract api test code to common_test.go * repeat panel: minor refactor * WIP: folder api. #10630 * changed img for shortcuts * replaced img in export_import and sharing * Fix horizontal panel repeat. Fix #10672. * dashfolders: Add min-width to align icons in permissions list and some margin between icon and text #10275 * ui: Fix Firefox align issue in dropdowns #10527 (#10662) * fix: InfluxDB Query Editor and selecting template variable in where clause caused issue, fixes #10402, fixes #10663 * dashfolders: link to folder for inherited permissions * test: Update Tooltip test to check for className support * changed img-link for timerange imgs and some text * fix: remove repeated rows when repeat was disabled. (#10653) * test: Update Popover test to check for className support * dashfolders: Get rid of unused import #10275 * dashfolders: Use grafana's question mark instead of FA's and use the react tooltip instead of angular's #10275 * dashfolders: Add className to Tooltip component * fix: don't show manually hidden sidemenu after view mode toggle (#10659) * dashfolders: css class as parameter for Picker * dashfolders: select with description for permissions * fix: show sidebar after mouse wheel scrolling (#10657) * fix: tweak of PR #10635 * ux: minor tweak of #10634 * plugins: only set error if errorstring is not empty * Revert "Fix typeahead to avoid generating new backend request on each keypress. (#10596)" * call render in query * dashfolders: add help popover. Add folder title for inherited permissions * dashfolders: use react component for dashboard permissions * added hash rate units for monitoring mining processes * replaced input with gf-form-dropdown * reverted media queries * graphite: fix nested alerting queries (#10633) * fix for sm * added media break for md and sm * dashfolders: add disabled Admin permission to list * tech: upgrade to golang 1.9.3 * Locks down prometheus1 to v1.8.2 in live-test. * fix typo in parameter. (#10613) * dashfolders: autosave permissions on change (remove update button) * changelog: move all 4.7 changes into 5.0 * changed some img-links, updated text for annotated img, more work on whats new in v5.0 * changelog: be more explicit about backwards compatibility * WIP: Protect against brute force (frequent) login attempts (#10031) * dashfolders: fix tests for ViewStore after merge * Fix typeahead to avoid generating new backend request on each keypress. (#10596) * fix vertical panel repeat (#10619) * graph: fix series sorting issue (#10617) * dashfolders: New snapshot since we changed from defaultValue to value per latest React documentation #10275 * refactor: Replace _.find with Array.prototype.find() * dashfolders: Convert mobx observable to js objects and remove the observer() since we want to use the component outside the react/mobx world #10275 * dashfolders: Clean up more variables and move newType, aclTypes and permissionOptions to the store #10275 * dashfolders: Remove variables not used and pass in the real dashboardId #10275 * dashfolders: Remove those 2-line-components from PageHeader to make it easier to read and make sure components listening to the mobx state are wrapped with observer() #10275 * dashfolders: Add support for breadcrumbs in NavStore #10275 * dashfolders: Rename UserPicker folder => Picker. Inject the permission-store in the FolderPermissions-container instead of the Permissions component, add the PermissionsStore to the RootStore and and the error-message to the Permissions-store #10275 * dashfolders: Add Permissions information box #10275 * dashfolders: Fix page max width #10275 * dashfolders: Update jest tests with backendSrv #10275 * dashfolders: Add a Team Picker component and use it on the dashboard permissions page #10275 * dashfolders: Working user picker on the dashboard permissions page #10275 * dashfolders: Send down backendSrv to the react components #10275 * dashfolders: Re-use the API of the angular user picker instead, which is reusable #10275 * provisioning: delete dashboards from db when file is missing * dashfolders: Remove the PermissionsInner-strategy since we have a container for this route now #10275 * dashfolders: Permissions are injected via MST so it needs to be defined as optional #10275 * dashfolders: Add FolderPermissions container and make sure isFolder is passed to PermissionsStore #10275 * dashfolders: Always get dashboardid and backendsrv from props #10275 * dashfolders: Rem code to avoid tests to fail #10275 * wip: More on the permissions. Left are team picker and user picker, tests and error messages #10275 * fix: mobx-react-devtools is a dev dependancy #10275 * dashfolder: wip: More wip on acl.html2permissions.tsx #10275 * dashfolders: wip - Move Permissions into React #10275 * variables: lint fix * variables: fix when datasource returns error * fixes broken phantomjs rendering * added varibale to table hover, lightend colors for table light theme, fixes #10609 (#10611) * added whats new v5, changed link in notifications, removed row from getting started * fixes minor typo * provsioning: dont stop grafana due to missing * Disable prefix and postfix font size when gauge mode is enabled (#10573) * docs: improve docs for image uploaders * cfg: remove local as default image uploader * docs: Add haproxy example for running behind reverse-proxy * provisioning: enables title changes for dashboards * Cloudwatch: add support for multi instances (#10570) * ux: minor change, added import dashboard link to dashboard search side view * tech: adds/removes in vendor folder according to dep 0.4.0. * docker: sync local time and timezone to mysql_tests block * dashfolder: fix for sqlite test * dashfolder: fix for mysql test * mysql: pin the mysql dependency * tech: ignore /public and /node_modules * tech: ignore /data folder for dep * docs: first draft of dashboard folders docs * plugins: map error property on query result * stats: send amount of stars as stats * tech: avoid using deprecated functions * style: minor code style changes * dashboards: save provisioning meta data * provisioing: add lookup table provisioned dashboards * refactor: minor css class naming change of #10505 * refactor: minor refactoring of PR #10560 * cloudwatch: fix ebs_volume_ids by create a client-session before call ec2:DescribeInstances. (#10566) * docker: use mysql and postgres from latest fake-data-gen * Update OpsGenie Notifier to support different api domains. * 10583 panel resize icon fix (#10585) * dashboards: Fix issue with first click when expanding folder in search * cfg: adds info about local img uploader to docs * docs: adds info about local img uploader * changelog: adds note about closing #6922 * changelog: note about closing #9664 * changelog: adds note about closing #9770 * start query builder ui * Disable instead of hide mode options when line/points is unchecked * dashfolders: show folders use can save to in picker * dashfolders: fix bug in save as modal * Add lumens unit * add docs for configuring OAuth with Auth0 and Azure AD * install dep instead of govendor on setup * remove unused code from vendor * migrate from govendor to dep * fix: cloudwatch corrected error handling so original error is not thrown away * go fmt * support for decoding JWT id tokens * ds: updated ds nav * feat: ds edit fix * feat: ds edit nav * Generic Oauth Support for ADFS (#9242) * Recommend a limit on database query * Adjusted the border color on the buttons in dashboard nav, fixed alert email text area width, fixed padding-top issue on dashboard settings aside * dashfolders: stop user locking themselves out of a folder * dashfolders: add breadcrumbs to NavStore * codestyle: extract code into methods * mysql: convert numbers to text for annotation tooltip * mysql: update to use ColumnTypes interface in new version * mysql: update mysql driver to latest master * gofmt my dear friend * ux: updated react-layout-grid * plugins: send secureJsonData unencrypted * Make file_reader follow symlinks * dashboards as cfg: property path replaces folder * moves datasource plugin model to grafana/grafana_plugin_model * Update package.json * fix: fixed build issue * fix: multi valued query variables did not work correctly, fixes #10539 * move graphite /functions parsing into gfunc.ts * remove duplicate sass rules * fix tests & some display issues * fix: graphite func editor fixes, this component is messy and ugly as hell * fix: minor fixes * fix: restored previous behavior of form_dropdown, this fixes all my observerd bugs with the dropdown behavior * fix: query editor needs to wait for function definitions to load * fix issue with metric find & functions being loaded multiple times * interpolate variables in tags & values during autocomplete * fix typo * update rst2html * fix line length, run jscs & jshint in precommit * function description formatting * tooltips for function definitions * support specifying tag_values("") as graphite template query * use typeahead value in graphite find requests * send prefix when auto-completing tags * add button to trigger evaluation of tag queries * sync function categories with graphite-web * work on tag dropdown behavior * support for loading function definitions from graphite * Update building_from_source.md * Update README.md * Update default_task.js * Clearer naming for dashboard provisioning config. * ux: dashboard nav and settings tweaks * Tag filters in search (#10521) * fix: save as enter key now works and folder selection also works, fixes #10464 * use context over golang.org/x/net/context * docs: small update to IIS proxy docs * added a variable for grid color and if statment to switch colors, fixes #10509 (#10517) * dashboards as cfg: logs error when trying to import dashboard with id * code style fixes * dashfolders: bugfix after rename * dashfolders: bugfix after rename * Adds Table in backend datasource contract. * fix: share snapshot controller was missing ngInject comment, fixes #10511 * Use URLEncoding instead of StdEncoding to be sure state value will be corectly decoded (#10512) * Optimize metrics and notifications docs * Optimize cli and provisioning docs * imguploader: Add support for new internal image store (#6922) * docs: Guide for IIS reverse proxy * changelog: adds note about closing #9645 * telegram: Send notifications with an inline image * telegram: Switch to using multipart form rather than JSON as a body * telegram: Fix a typo in variable name * dashfolder: refactor breadcrumbs in PageHeader * dashfolders: convert folder settings to React * Adds Tables types to protobuf * fix: alert list pause/start toggle was not working properly * fix template variable selector overlap by the panel (#10493) * Review tsdb protobuf contract * dashboard: Close/hide 'Add Panel' before saving a dashboard (#10482) * supports windows compatible plugin binaries * fix: removed unused param * Fix variables values passing when both repeat rows and panels is used (#10488) * moved angular-mocks out of dependencies * ux: minor change to alert list page * ux: minor word change to alert list * fix: updated snapshot test * moves plugin proxy to plugin package * Add eu-west-3 in cloudwatch datasource default's region (#10477) * fix: Make sure orig files are not added to git again #10289 * improves name for plugin logger * fix: Remove conflict file #10289 * text panel: fix $apply already in progress error (#10486) * uses pluginmanagers log instead of global * 10389 react tooltip components (#10473) * test: Updated snapshot for UserPicker jest test #10289 * ux: When adding a new panel we should scroll to top until we figure o??? (#10417) * removes commented code * naming fixes and added test file * makes datasource handshake more explicit * backend plugins: improves logging * dashfolders: show/hide create folder or dashboard buttons * dashfolders: fix mergeconflict error * dashfolders: prettify * dashfolders: check permissions for new dashboard * dashfolders: allow any signed in user to get list of teams * fix gofmt warning * dashfolders: permissions for saving annotations * dashfolders: disable save button after save of acl * dashfolders: on folder page, hide tabs if not has admin permission * dashfolders: remove role requirements on dashboard routes * dashfolders: must have admin permission to save/see dash acl * dashfolders: prettify on tests file * dashfolders: permissions tab in dashboard settings * dashfolders: permissions tab for dashboard folders * fix for unsaved changes popup on tab close/refresh * fix: Clean up logging and remove unused css #10289 * fix: Rename directive user-pickerr (yes two r's) to select-user-picker * fix: Accidently added the conflict files (#10289) * test: Add snapshot tests for UserPicker and UserPickerOption (#10289) * fix: Add interface for props to UserPickerOption (#10289) * ux: POC on new select box for the user picker (#10289) * dashboard: fix opening links in new tab (#10465) * alert list: fix rendering timeout when share panel (#10467) * fix missing profile icon (#10469) * More fixes for relative urls when running Grafana under a different sub path (#10470) * put this.props.search in the Highlighter * moved state handling for search to store * Delete CopyQuery.png * Delete tgr288gear_line6.pdf * fix: added back colors to rootScope, fixes #10462 * fixed the subUrl bugs from https://community.grafana.com/t/suburl-not-work-at-some-links-and-buttons/4 701 with folder/settings/teams etc. * added /** @nginject */ * Fix typo in error message * updated snapshot * styling fix * added highlight to search * Updates go-stack to v1.7.0. * docs: adds note about tlsSkipVerify to docs * fixed regex issue * made a view of filtered list * updated jest file and snapshot * Remove silly noise * Update tests to match new reality, and rejig the implementation a bit to truly work as desired * Align queries to prometheus with the step to ensure 'rate' type expressions get consistent results * plugin: fix path for app plugins on windows * added search function * new styling and markup * cleanup: removed unused typescript typings import * new add alert notification channel icon * mobx: poc in using each store as individual prop on the react containers (#10414) * fix: Change max size of panel JSON editor so button is shown on smaller screens, #10346 (#10415) * poc: began react panel experiments, step2 * poc: began react panel experiments, step2 * Add AWS/AmazonMQ namespace metrics to CloudWatch tsdb (#10407) * add docs for using oauth login with OneLogin (#10385) * Update built_in_plugins.ts * poc: began react panel experiments * added empty list cta to notification channels, fixes 10393 (#10400) * mobx: fixed issue with view store, and added missing snapshot * tech: enzyme container test working * tech: enzyme container test working * react: trying to get enzyme and mobx tests working * tech: url and query mobx store so now react components and containers can read and modify url path and query via mobx store * tech: alert list react migration progress * fix info popover, #10302 (#10377) * fix move dashboard variables, #10347 (#10375) * dashfolders: relative links should work when root_path is specified (#10363) * fix mixed datasource add query button, #10316 (#10361) * tech: react mobx progress * Doc version and schemaVersion properties of dashboards * tech: began reworking alerting list to mobx * tech: progress on react pages * prom: fixes broken test * prom: make $__$interval the first suggested range vector * fixes log typo * imguploader: log if the configuration is invalid * changelog: adds note about closing #8955 * renderer: avoid calling Handle twice * migrated file to ts * dashboards as cfg: moves dashcash into its own file * dashboards as cfg: create dashboard folders if missing * fixed error * migrated files to ts * tests: for skipping with hidden folders * Implement Azure Blob external image uploader * migrated datasource to ts * tech: minor progress on mobx state tree & react containers, working on unit testing * Fix tooltip unit when legend isn't shown (#10348) * refactor: minor refactoring of PR #10236 * don't save dashboard on make editable, #10236 * fix scripted dashboard loader, #10350 (#10351) * new aws region cn-northwest-1 (#10353) * Dashboard: View JSON improvements (#10327) * refactor: tried to simplify and also minimize scope a bit for #10323 * ignore trailing whitespace (#10344) * (prometheus) show label name in paren after by/without/on/ignoring/group_left/group_right * dont spawn new subprocess while shutting down * Fix small singlestat value display * fix: fixed issue with optimized build, fixes #10333 * migrated file to ts (#10328) * plugins: restart killed plugins * query result should be a map * prom: removes limitation of one query per tsdb call * changelog: adds note about closing #10222 * pagerduty: fixes invalid default value * fix: remove unused code * dashboard: copy panel to clipboard * pagerduty: adds test for reading auto resolve setting * code formatting fix * migrated files to ts + fixed specfile * tech: cleaned up unused stuff * ux: removed unused stuff form style guide * prettier: ran on all files again, sorry. now settings are defined in package.json * tech: mobx tests * Add avatar to team and team members page (#10305) * Various dashboard folders improvements (#10309) * mobx: progress on poc * test for plugin path builder * merge backend datasources and datasources * use int64 for timestamps * fixes invalid valud/timestamp order * fix: unit test fixed * prettier: change to single quoting * ux: minor name change to search sections * db: fix postgres regression when comparing boolean columns/values (#10303) * dashboard: delete row improvements * poc: mobx test * fix missing comma in documentation output example * fix broken link (#10291) * minor fixes and formatting after review * dashfolders: use validation service for folder creation and dashboard import. #10197 * dashfolders: support creating new folder when moving dashboards. #10197 * dashfolders: support creating new folder when saving a dashboard. #10197 * dashfolders: support creating new folder in dashboard settings. #10197 * dashfolders: support creating new folder from the folder picker. #10197 * poc: mobx poc * tech: ran prettier on all scss files * tech: ran pretttier on all typescript files * search: closes dash search when selecting current dashboard (#10285) * fix: Original dashboard link from snapshot should be an a-tag, not a button (#10269) (#10283) * dashboard: fixes #10262 * added new to new dahsboard and folder * test: Update test with new component signature * pushover: update default message * delete unused icon files * fix: The /logout route should always full page reload (#10277) * tech: added prettier to precommit * ux: Add icon to selected option in PageHeader navigation on small screens, update select boxes for Firefox so the arrow to the right is aligned with the other select boxes (#10190) * ux: Fix color picker positioning when scrolled down to the bottom of a page (#10258) (#10271) * test: remove unused code * alerting: make alert extractor backwards compatible * alerting: move test json into files * Use strings.TrimPrefix to make sure relative url doesn't start with forward slash * Update README.md * fix: Navigation on small screens when Grafana is installed in a sub directory (#10252) (#10261) * cloudwatch: fixed optimized build issue, fixes #10174 * fix text panel rows limit (#10246) * use ace editor in panel edit (#10245) * docs: mysql example with macro * docs: mysql macros update * fix: reduced team name column length, fixes #10244 * ux: Add missing icon for login with grafana-com, fixes #10238 (#10249) * Kinesis Metric Capitalization * merge backend-datasource and datasource type * dashfolder: nginject fix * teams: missing nginject attribute * grid: disable resize and drag on non editable dashboards, closes #10235 * logging: removed logging from panel loader * menu: fixed create default url * fix: dont show settings for viewers * prometheus: change default resolution to 1/1 * fix: viewers can edit now works correctly * fix: fixed minor ux and firefox issues, fixes #10228 * ux: minor fixes * profile: use name or fallback for profile page * fix: sidemenu profile main text is now username instead of name * build: update master version to 5.0.0-pre1 * dashfolder: change to migration text * ux:s sidemenu icon rules * teams: add team count when searching for team * changed background color for infobox and new blues in light theme, light theme now uses blue-dark in panel query (#10211) * ux: fixed navbar issue when sidemenu closes * ux: minor position change for layout selector, fixes #10217 * fix: view json from share modal now works, #10217 * ux: used new add data sources icon * dashfolders: styling of selected filters * dashfolders: styling of selected filters * dashfolders: fix moving plugin dashboard to folder * changelog: adds note about closing #9170 * dashfolders: fix folder selection dropdown in dashboard settings * fix for merge conflict * add links for large cta * resolve merge conflict * dashfolders: bulk move/delete improvements * snapshots: fixed snapshot issues, fixes #10214 * docs: include all notifiers type * replaced old table with filter-table, removed edit button, made whole rows to links * playlist: fixed playlist buttons in dashboard header, fixes #10213 * docs: update latest version to 4.6.3 * ux: minor changes to search input * Magnifying glass on search fields #10188 (#10206) * templating: made templateSrv globally accessable as ES6 module, DashboardRow can not interpolate row title * fix: ignore row clones in schema migration * proxyds: delete cookies except those listed in keepCookies * dshttpsettings: Move whitelisted cookies to end of config page * proxyds: failing test for keepCookies * dshttpsettings: add field for cookies that should be kept * dashfolders: /dashboards should render index page with a 200 OK * update version for packagecloud * dashfolders: bulk move/delete improvements * add release date for 4.6.3 * fix: after removed file * dashfolder: fix after backendSrv change * dashboard: fix test after merge conflict * orgswitcher: update test * Avoid ID validation before provisioning dashboards * annotation icon fix * udpate dark json icon * dashboard settings icons * replace icon on dashboard list (fa-th-large - looked squished) with a smaller version of dashbord icon. This may not be the best way to do the css, so it's a separate commit * new icons created and added to nav * changelog: adds note about closing #7481 * fixes broken unit test * alertmanager: endAt should only be used if we have the correct value * alertmanager: code style * alerting: reduce log level for notifiers * Alertmanager notifier: add "metric" labels if no tags * Alertmanager notifier: make it match the new notifier interface * support alertmanager * Replace Read Only Editor role with ViewersCanEdit setting (#10166) * dashfolders: bulk move dashboards synchronously * dashfolders: remove error message when moving to the same folder. #10135 * teams: Fixes to edit team page * ux: minor text change to #10177 * made template link look like input (#10198) * minor tweaks * execute process directly instead of creating sub shell * Dashboard grid fixes (#10194) * refactor: minor change to #10199 * fix broken 'd r' shortcut (refresh dashboard) (#10199) * ux: updated login page * fixes switching org when url contains orgId querystring param * build: fixed build issue * ux: refactoring login page change * navmodel: fix for signout link on pref page * change protip to go to manage dashboards * search: worked on search results * added select-wrapper to where it was missing for unified look * changelog: adds note about closing #10151 * ux: wip - Login animation POC (#9879) * changelog: adds note about closing #9318 * ux: Move "Sign up" and "Reset password" to its own pages - and remove all inline styling (#9879) * fixes broken alert eval when first condition is using OR * ux: org user management changes * removes unused property * fixed edit team header, fixes #10172 * changed width to input fields (#10184) * ux: added search box to ds list page, closes #10106 * ux: change members to users * plugins: fixed plugin edit page and plugin page * dashfolders: Minor css fixes for bulk edit * dashfolders: Minor css fixes for bulk edit * docs: SSL Mode config settings for Postgres * dashfolder: settings page for folder * removes verbose logging * fix: FolderId and IsFolder when saving dashboard * ux: fixed inactive view mode and removed animation * removed unused declaration * updated dashlink editor, now has list * fix: Handle state when no password is entered on registration page (#9879) * adding support for sgl native time datatypes * added missing cases for DATETIME datatype * ux: move add member into its own page (#10167) * Add a per-notifier ShouldNotify() * minor fix for #10136 * Fix graph legend scroll (#10169) * fix colorpicker colors order (width issue) (#10170) * graphite: remove check so that query is sent even for possible non leaf nodes * fix: fixed build failure * ux: Use the previously renamed classes (#9879) * fix: fixed dashboard api tests * fix: don't detect graphite version before it's saved * updated new dashboard folder * ux: style tweaks * ux: Update ui of login buttons via third parties and add link to sign up page (#9879) * redesigning links editor * ux: search look update * tech: updated version for react-grid item * build: fixed unit test failure * Extracted row matching function and added comments * allow overriding dashboards from api * redesigning links editor * graphite: minor fix for PR #10142 the query was being sent for every segmen t you selected before you completed the metric path * build: fixed broken test * refactor: minor change to panel json fix PR #10156 * Move panel JSON editor to modal dialog (#10156) * ux: minor updates to dashboard settings * ux: dashboard settings updated * new dashboard and folder in search (#10152) * avatar: avoid concurrent map writes * redesign dashlinks * fix: fixed issue with optimized build grid directive missing ngInject comment, fixes #10161 * annotations: allows template variables to be used in tag filter * Add default message for Pushover notifications * refactor: format files by gofmt * ux: Adjust margins when external auth providers are enabled (#9879) * ux: dashboard settings progress * ux: dashboard settings work progress * dashfolders: new dashboard with folder selected * ux: wip - Push pixels for new login, remove inline styling, change so we use media queries using min-width instead of max-width and make sure it looks ok across all screen sizes (#9879) * ux: dashboard settings work progress * backend plugins: manage plugins lifecycle with context * ux: dashboard settings progress * ux: dashboard settings progress * ux: dashboard settings progress * backend plugins: dont swallow errors * fix: fixed failing test * backend plugins: cleanup protobuf files * ux: dashboard settings progress * backend plugins: add more datasource params * Type-agnostic row merge in table transform for multiple queries * ux: dashboard settings progress * ux: fixed navbar and sidemenu z-index issue and improved responsive rules * code style * implement upstream changes * fix: fixed build failure * changelog: adds note about closing #10131 * Explicitly specify default region in CloudWatch datasource (#9440) * add encoding param * wait for all sub routines to finish * fix function re-ordering broken in #9436 * add missing value fill code to mysql datasource * hyphenhyphen * support metric trees of varying depth, never send '.select metric' to graphite * simplify function parameter addition * ux: dashboard settings progress * fix typo * ux: minor changes * implement missing value fill functionality for postgres * allow optional 3rd argument to timeGroup to control filling missing values * ux: navbar progress * improve handling of query references * build: fix for tslint * ux: form styles polish, improvement but can be better * pass tsdbQuery to transformToTimeSeries and transformToTable to get access to selected frontend timerange * demonstrate parseTarget issue * fix: fixed panel size rerendering issues * pass Query to MacroEngine Interpolate * ux: work on dashboard settings views * dashfolders: Do not allow loading a folder as a dashboard * fix: Remove console.log * dashfolders: Folder picker should set correct default values. Fixes #10135 * refactor: user groups to teams, replace rest mentions * refactor: user groups to teams, rename backend files * refactor: user groups to teams, rename frontend files * refactor: rename User Groups to Teams * changelog: adds ntoe about closing #10111 * ux: forms style font size change * ux: dashboard settings progress * postgres: change $__timeGroup macro to include "AS time" column alias (#10119) * new timepicker is working * dashfolders: Create nav model for folder page client side #10083 * ux: minor change to new folder page * fix for search dropdown on small screen + icon overlapping fix (#10091) * ux: added react scrollbar component and added it to add panel panel * tech: updated ngreact and with custom PR applied * refactoring: #10130 * Revert "Don't animate panels on initial render (#10130)" * Don't animate panels on initial render (#10130) * refactoring: fixing bug when all values are null * fixes broken test * dashfolders: Hide search input area when showing CTA. #10083 * ux: graph legend refactoring * improve error handling for datasources as cfg * improve sample datasource.yaml * make gitignore more generic * grid css transforms: minor refactor (#10128) * dashboard grid: enable CSS transforms (#10125) * fixes issue with datasource/dash as cfg and gitignore * refactoring: changing how graph height and legend height is calculated, using flex box seems to actually work, #10079 * dashfolders: create folder page * refactor: removed graph height from legend decimal calc * dashfolders: css fix * fixes failing tests * dashfolders: New Dashboard Folder page * fix: move components tests to specs folder * Fix go fmt * kill plugin processes when grafana shuts down * fix: v5 sidemenu & link to shortcuts now works, fixes #10087 * separate plugin impl and proto files * correct comments * add hclog wrapper for grafanas logger in plugins * add go-plugin deps to vendor * initial version of proto files * changelog: breaking regardless what your running * changelog: better styling * removes last pieces of dashboard.json * refactor: sidemenu toggle & hiding logic * changelog: note about closing #5269 and #9654 * dashboards as cfg: update docs to use /provisioning * dashboards as cfg: move dash/ds config files to /provisioning/* * dashboards as cfg: copy dash/ds files if missing * dashboards as cfg: include cfg files in dist packages * dashboards as cfg: avoid walking fs in parallel * dashboards as cfg: type * dashboards as cfg: disable loading dashboards from disk by default * dashboards as cfg: wire up dashboard repo * dashboards as cfg: use gocache for caching * dashboards as cfg: expose dashboard service as interface * dashboards as cfg: move saving logic for dashboards into its own service * dashboards as cfg: revert minor changes * dashboards as cfg: move dashboard saving into its own service * dashboards as cfg: minor tweaks * dashboards as cfg: make dashboard none editable by default * dashboards as cfg: more tests * dashboards as cfg: code cleanup * dashboards as cfg: read first cfg version * removed row to center footer (#10115) * ux: minor cleanup * mysql: pass timerange for template variable queries (#10071) * dashboard: fix edge case with keyboard nav in dashboard search. #10100 * Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to "Access restricted". "Access restricted" policy should not stop user to authenticate. * graph: fix legend height calculation * postgres: pass timerange for template variable queries (#10069) * graph: move auto decimals calc to ticks.ts and use it for legend values format. * Resolves grafana/grafana:#9309 * dashboard: fix linting and formating - #10100 * dashboard: keyboard nav in dashboard search - closes #10100 * graph: refactor (don't render twice) * handle native postgres datetime types in annotation queries (#9986) * treat any text column in timeseries query as metric name unless column (#9985) * Fixing tabs for Grafana 5 - #10082 (#10103) * other panels now hidden, fixes 10088 (#10102) * fixed 404 for grafana5 + now responsive (#10101) * dashboard: fix search results tests #10083 * dashboard: Show CTA for empty lists/folders #10083 * dashboard: Dashboard folder page wip #10083 * prom: enable min interval per panel * Fix merge issue on multi-query table transforms * graph: fix karma tests * graph: render legend before graph * added tooltip, fixes #10092 (#10097) * graph: refactor * graph: convert legend.js to typescript * fixing a few fromattings * adding mssql docs * docs: link from cfg page to provisioning * reduce app icon by 3px on home dashboard - wasn't lining up properly with starred/recently viewed dasboard list properly * ux: minor style tweaks to cards and sidemenu icons for white theme * ux: tweaked light theme and made page container more fluid * dashboard: dashboard search results component. closes #10080 * docs: added utm_source for link from ds list page to docs page * updating the query editor's syntax highlighting mode to sqlserver * fixed grey colors in light-theme, added new variables, played a bit with blue * v5: removed permissions from dashboard cog dropdown, closes #10068 * nav: updated nav item id for manage dashboards * refactoring PR #10068 * dashboard: migrations for repeat rows (#10070) * Backwards-compat for multi-query table transform * graph: make legend scrollable * removes unused properties * Making the multi-query table transform the default table transform * ux: updated padding * ux: Add CTA for empty lists * move import menu item to the original place * move DashboardImportCtrl tests to jest * Move import dashboard from modal to the page * refactor: minor refactoring of #10027 * new grays for light theme * sidemenu: responsive sidemenu view for smallest breakpoint * add _tests for mssql data source * ux: tabs update * Tests for multi-query table transform * ux: updated modal header design * ux: progress on time picker dropdown version * fix templating undefined error (#10004) * tweaks to add panel panels * ux: updated dashboard nav * MSSQL Data Source * add server only build target "build-srv" * ux: dashboard setings progres * add Cloud Alchemy Ansible role * started on dashboard settings refactor * ux: add new panel and dash nav improvements * Added basic table transformer test * typo :boom: * influxdb: pass tags to alerting from influxdb client * ux: dashboard nav update * ux: new dashnav design * ignore /conf/**/custom.yaml files * repeat row: refactor * Fix dashboard menu overlapping (#10044) * Add multiquery_table table transform * typo :boom: * move systemd ready notification to server.go * changelog: adds note about closing #10024 * page header now on 99% of pages * navigation: more progress on new page header * ux: new page-header design, most pages beside admin done * fixed sass warnings * ux: made plugins page work * Use systemd notification where applicable * progress on page header * tweaked color on heatmap. still not there, but more vibrant * ux: new page header progress * added bundled dashboards * ux: progress on new page header * dashboard: when changing route, scroll to top * grafana-10039: fix query time range ends in the past * ux: work on page header * Revert "prometheus nested query support" * ux: updating header design for pages * fix: when navigating, scroll to top * repeat row: add more tests * ux: new page header design * tweak background size * new test svg background, minor form tweaks * ux: search filter box * ux: changed body default font size to 13px * test: fix failing postgres test * Added border radius and tightened up the folder boxes. Still needs to have the bottom margin expanded to 8px when in opened state (this needs @torkelo) * test: speedup mysql and postgres integration tests by 10-20x * repeat row: expose scopedVars to row panels * ux: search design update * repeat row: handle collapsed rows * notifier: Fixes path for uploaded image for Slack notifier * formatting in build file * dashboard: initial repeat row implementation * prometheus nested query support * fix render http[get] params error * test: close file before deleting * Restore Page Footer after migration to new scrollbar #9652 * export view json now templatized, fixes #10001 * dashfolders: Add a helper for creating a dashboard folder * dashfolders: revert automatic creation of folders for plugins * styling changes for light theme * grid: use single column layout for mobile devices (#9999) * fix panel solo mode (#10002) * dashlist: handle recent dashboards removed from backend * dashfolders: don't create app folder on dashboard import if already exists * dashfolders: create app folder on dashboard import * datasource: fix merge conflict - restore dashboards tab * search fix and update buttons on dashboard list page * fix: removed table background * build: fixed lint issue * fixed link i specs-file * Improve dashboard grid layout migration WIP (#9943) * test fix * updated libs and fixed new typescript errors * dashlist: Support for clear all filters * migrated viewstatesrv to ts * added yarn.lock file back * ux: table design work * panel: open panel menu by click on header * ux: search progress * worked on search * migrated four files from js to ts * migrated four files to ts, addd some code to config to make it work (#9980) * Update NOTICE.md * Update LICENSE.md * ux breadcrumb work * ux: sass fixes and polish * dashlist: Support for check/uncheck all * Migrate gfunc to ts (#9973) * migrated admin files to ts (#9975) * migration of org files from js to ts (#9974) * sass tweaks * dashlist: When searching should reset checked state to false * More js to ts (#9966) * dashlist: change scrollbar to new perfect scroll directive * docs: Improve delete snapshot documentation * ux: fixed sass issue * sass refactoring and updating styles for list item elements * dashlist: style list to be same as dash search * css tweaks and cleanup * removing gemini scrollbar and replacing with perfect scrollbar, muuuch better * dashlist: starred filter search * ux: tweaked panel color and dashboard background is same as page background * removed call to unused function in panel_ctrl * scrollable panels works better with perfect-scrollbar * Update latest.json * Optimized number of lines fetching in log file initialisation * work on scrollable panels * converted 3 .js files to .ts (#9958) * docs: adds docs for pausing all alerts * Removing file that got committed by accident * scrollable panels: fix initial content size (#9960) * Delete LICENSE.txt * dashlist: adds tag filter select (GitHub style) * [GCS] Support for gcs path * dashlist: toggle folders * dashboard: fix test for folderIds * allows head requests for /api/health endpoint * dashlist: fix tag filtering and some css * fix: fixed issue with metric segment introduced in graphite tags query editor PR * progress on scrollable panels work * mysql: add data source support for Azure MySql * fixed unit tests * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * Elasticsearch max_concurrent_shard_requests parameter for es 5.6+ * prom: add prom2 dashboard as bundled dashboard * show top 5 max scrape durations by job, and fix legend format * fix scrape duration, add rule eval iteration stats, and reorg a bit * fix data source var and remove node_exporter dependency * First draft of a Prometheus 2.0 Stats dashboard * prom: initial docker block for prometheus 2 * tweak tabs: * color fix * make grays cooler * dashlist: started fixing js/css after design changes * updated search * more work on search * minor update to dashboard search * converted test-files to jest * improved search srv * converted influx-series to TS, converted test to jest * dashboard search * working on dashboard search * Move the loading flag to PanelCtrl (#9929) * graph: disable zoom in non-timeseries modes (#9914) * changed padding to pixels, fixes #9916 (#9924) * Use correct moments format for Showing last us time instead of value test (#9923) * Don't import JSON dashboards from hidden directories. * new design for login * fix: build & tests * search: add expanded folders * influxdb: another minor refactor of #9474 * refactor: refactoring InfluxDB query builder with policy PR #9473 * refactor: refactoring InfluxDB query builder with policy PR #9473 * docs: added versions_to_keep to config docs, #9671 * refactoring: minor refactor of clean up dashboard history PR #9882 * fix: fix for avatar images when gzip is turned on, fixes #5952 * elasticsearch: default version to 5.x * Adding a user in a specified organisation uses the admin API * panels: add css tweaks for scrollable panels * dashboard history clean up: avoid potential SQL injections * search: refactor search sql into a builder class * changelog: note about closing #9798 * removes invalid comment * api: fix so that datasources functions returns Response * changelog: note about closing #1789 * fix: Use Response as return type * fix: return id from api when creating new annotation/graphite annotation, fixes #9798 * datasources as cfg: adds docs for all jsondata and secure_json fields * graphite: minor changes * text panel: make scrollable * panels: general property which makes panel scrollable * datasources as cfg: convert yaml map into json for jsonData * fix: fix cloudwatch metricFindQuery error that stopped it working completely, fixes #9876 * dashlist: css adjustments for scrollbar * dashlist: fix resizing after mode switching * dashlist: add scrollbar * dashlist: fix panel resizing * docs: update metrics api path * changelog: adds note about closing #1871 * fixes: #1871 Dropdown starred (#9490) * dont loose subsecond precision when dealing with timestamp or (#9851) * graphite: progress on new query editor * datasource as cfg: fixes typos * docs: format cfg mgt tools as table * docs: adds more info about provisioning * datasource as cfg: update docs to include globbig * datasource as cfg: show deletes first in example * datasource as cfg: support globbing * datasource as cfg: enable editable ds's * datasource as cfg: add org_id to example config * tweak docs * datasource as cfg: adds readonly datasources * datasource as cfg: refactor to use bus * datasource as cfg: test for reading all properties * datasource as cfg: adds provisioning docs * datasource as cfg: rename feature to provisioning * datasource as cfg: improve name for this feature * datasource as cfg: refactor tests to use yaml files * datasource as cfg: ignore datasource all ready exist for inserts * datasource as cfg: add support for securedata field * datasource as cfg: setting for purging datasources not in cfg * datasources as cfg: tests for insert/updating datasources * datasource as cfg: basic implementation * More energy units (#9743) * Add feet to the length menu (#9889) * middleware: recovery handles panics in all handlers * sql: small fix to error handling * graphite: progress on new query editor * changelog: make prom fixes more explicit * dashboard history clean up: add tests * tech: ignore debug.test file created by VS Code * dashboard history: refactor after review * changelog: adds note about closing #9777 * prom: add support for default step param (#9866) * properly escape components of connection string (#9850) * refactor: changed string slicing to strings.TrimPrefix, #9862 * dashboard history: clean up dashboard version history * build: fixed jshint error * sync documentation, add remark about to_timestamp and redshift (#9841) * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * changelog: adds note about closing #8523 * teams: removes print statement * Add Microsoft Teams notifier * docs: update building from source doc with node-gyp * heatmap: fix tooltip in "Time series bucket" mode, #9332 (#9867) * fix: Table panel now renders annotations correctly. Fixes #9842 (#9868) * build: fixes build and jest tests on Windows * fix cloudwatch ec2_instance_attribute (#9718) * graph: the stack & legend sort sync was not working correctly, the z-index sorting that happened in after the legend sort order was applied and messed with the order even though the sort function returned zero for all entries, combined the sort function to one sort function, fixes #9789 (#9797) * not ok option to alert list, fixes: #9754 * changelog: note about closing #9661 * return empty array for no datapoints * fix query inspector for cloudwatch * Add AWS/NetworkELB to cloudwatch definitions * changelog: note about closing #9784 * test: adds tests for password encodiing * use SHOW RETENTIONS to test influxdb connection (#9824) * Use hex.EncodeToString to encode to hex * Added missing documentation for auth.proxy (#9796) * fix date test (#9811) * docker: expose statsd endpoint for graphite block * update lib/pq (#9788) * Update the config key to database_log_queries so it is more descriptive, as suggested in #9785. * graph: don't change original series name in histogram mode, #8886 (#9782) * MySQL Performance when using GF_DATABASE_URL Set MaxIdleConn and MaxOpenConn when using the GF_DATABASE_URL configuration. Also added GF_DATABASE_DEBUG flag to print SQL statements and SQL execution times. See #9784 for the details. * Update postgres.md * colorpicker: fix color string change #9769 (#9780) * refactor: alert list panel fixes and no alerts message, rewrite of PR #9721 * feat: refactoring hide time picker PR #9756 * search: began writing test for new search * changed class name for no-alerts * chore(docs): update the search Query Example * ux: search progress * dashfolders: fix for dashlist nav * reduce docker-compose header version * ux: progress on new search * ux: minor changes * ignore docker-compose.yaml * docs: update latest release to 4.6.1 * packages: update published package version * option to hide Time picker, fixes #2013 * fix: panel view now wraps, no scrolling required, fixes #9746 * changelog: set release date for 4.6.1 * changelog: adds note about closing #9707 * fix default alias * add period alias * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * testdata: added manual entry mode to test data * new design for no alerts in alert-list, fixes #9721 * fix: fixed compiler error from #9676 * converted ng_model_on_blur.js to ts, deletedkeyboard_manager.js (#9676) * docs: update testdata enable explanantion * MAINTAINER is deprecated, now using LABEL * Update ROADMAP.md * Adding energy, area, and acceleration units (#9336) * tests: migrated tests for link_srv to jest, #9666 * Transitioning fig to docker-compose v3 * tests: migrated tests for link_srv to jest, #9666 * fix for dashboard tag link bug, fixes #9737 (#9739) * github: dont require bug/fr in title * changelog: adds note about closing #9713 * converted confirm_click.js to .ts (#9674) * Update codecov.yml * change default sslmode for postgres to verify-full (#9736) * fix: color picker bug at series overrides page, #9715 (#9738) * Update ROADMAP.md * tech: switch to golang 1.9.2 * always quote template variables for mysql when multi-value is allowed (#9712) * always quote template variables for postgres when multi-value or include (#9714) * fix: dashboard links dropdown toggle did not update view, fixes #9732 * docs: adds prom grafana dashboard * graphite: tag is required for values autocomplete * dashfolders: bulk edit tag filtering * Correct help message of api_dataproxy_request_all_milliseconds * changelog: adds note about closing #9645 * changelog: adds note about closing #9698 * ace editor for text panel * dashboards: bulk edit delete * tech: add missing include * dashboards: fix link to bulk edit * sql: remove title from annotation help * changelog: adds note about closing #9681 * fix: undefined is not an object evaluating this., #9538 * [Bug Fix] Opentsdb Alias issue (#9613) * fix: graphite annotation tooltip included undefined, fixes #9707 * Alertlist: Inform when no alerts in current time range * save as should only delete threshold for panels with alerts * graphite: tags and values autocomplete based on @DanCech PR to graphite-web * changelog: note for #9596 * add __timeGroup macro for mysql (#9596) * updated icons * docs: fix link * ux: testing 3px panel border radius * more link fixes * fixed link issues * renamed file * converted inspect_ctrl.js to ts (#9673) * converted dashboard_loaders.js to .ts (#9672) * declared any to info in declaration * converted analytics.js to ts, minor code formatting fix to timer.ts (#9663) * docs: updated download links * docs: update alerting with new data sources * changelog: spelling * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * docs: updated changelog * fix: firefox can now create region annotations, fixes #9638 * changelog: adds note about closing #9639 * set release date for 4.6.0 * grid: work in progress on row repeats * dashfolders: rough draft of bulk edit * converted linkSrv.js to linkSrv.ts * docs: update docker installation docs * grid: minor changes * converted outline.js to outline.ts (#9658) * converted timer.js to timer.ts (#9656) * datasource as cfg: typo * Create codecov.yml * datasource as cfg: explain why cmd.version can be higher * #edit_grafana_organisation_apis_doc (#9651) * add a phantomjs execution status to log if errors happens, e.g. OOM killer kills it (#9644) * grid: worked on row options modal and row removal * dashboard: fix home dashboard getting started panel * Fix typo in template help tab * replace store.js with store.ts, test for store.ts (#9646) * tests: added test for DashboardRow * docs: update first page with data source guides * docs: document annotations for postgres/mysql * docs: update for template variables * changelog: spelling * Allow for multiple auto interval template variables (#9216) * changelog: adds note about closing #9645 * tech: remove rabbitmq event publisher * changelog: note for #9030 * dont quote variables for mysql and postgres datasource (#9611) * asscoiate comment with name * Update development.md * ux: row collapse / expand starting to work * changelog: adds note about closing #9640 * alerting: only editors can pause rules * prom: adds pre built grafana dashboard * changelog: adds note about closing #9636 * fix: another fix for playlist view state, #9639 * ux: updated icons * shore: migrating config/settings.js to typescript * fix: fixed playlist controls and view state, fixes #9639 * Fixed #9636 * shore: removed unused old system conf file * Use d3 from node_modules (#9625) * update log15 (#9622) * docs: update whats-new-in * changelog: small text change * changelog: v4.6.0-beta3 released * tech: annotations refactor, add tests for regions processing (#9618) * Move #9527 to 4.6.0-beta3 * build: disable jest on precommit hook -windows fix * build: fix all npm run commands for Windows * plugins: fixes path issue on Windows * build: tryingt of fix windows build issue * tests: removes commented tests * graph: invert order when sorting by legend * fix: escape series name in graph legend, added aliasEscaped to time series model to reuse escape, fixes #9615 * build: fixed gofmt issue and addd mock response feature * prometheus: enable gzip for /metrics endpoint * build: split circle test shell scripts * datasources: change to optimisic concurrency * build: reduced webpack log output and remove race flag from go tests * build: set max workers to 2 for jest * build: log heap usage * build: another build fix * tests: migrated two more tests to jest * build: fixed build failure * build: reworking pre commit hook * build: added precommit * fix: fixed tslint validation error * test: added first react snapshot test * docs: another docs fix * docs: fix docs redirect for older datasources index page, fixes #9609 * [Tech]: Start migrating to Jest for tests (#9610) * Fix typo in init.d script * graphite: auto detect version * graphite: improved version comparison * graphite: split tags and functions into 2 rows when seriesByTag used * graphite: add tags to dropdown and switch to tag editor if selected * plugins: expose dashboard impression store * ux: minor ux tweaks * Sort series in the same order as legend in graph panel (#9563) * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * run go fmt * Add a setting to allow DB queries * note for #9527 * modify $__timeGroup macro so it can be used in select clause (#9527) * Fix heatmap Y axis rendering (#9580) * prometheus: add builtin template variable as range vectors * Note for #5457 * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * changelog: adds note about closing #9551 * fix: getting started panel and mark adding data source as done, fixes #9568 * pluginloader: esModule true for systemjs config * Fixes for annotations API (#9577) * ux: new fixes * Grafana5 light (#9559) * When Messasge field is set for an alert, map it to the output field in a Sensu check result. If Message is empty, send "Grafana Metric Condition Met" * ux: work on rows * fix vector range * allow ":" character for metric name * build: added imports of rxjs utility functions * grid: row work * fix template variable expanding * annotations: quote reserved fields (#9550) * fix: fixed color pickers that were broken in minified builds, fixes #9549 * ux: align alert and btn colors * docs: doc updates * remove duplicative prometheus function * remove label match operator from keyword.operator * remove label match operator from keyword.operator * remove extra state push * fix typo * newgrid: row progress * styleguide: fix link in index * api: fix for dashboard version history * textpanel: fixes #9491 * graphite: datasource refactor * csv: fix import for saveAs shim * grid: minor progress on new row concept * ux: add panel progress * alert_tab: clear test result when testing rules * ux: worked on add panel function * plugins: expose more util and flot dependencies * (cloudwatch) fix cloudwatch query error over 24h (#9536) * Add autofocus tag for username field on login.html (#9526) * show error message when cloudwatch datasource can't add * ux: minor button changes * CloudWatch: Add ALB RequestCountPerTarget metric * ux: color tweaks * ux: testing out new icons * set nightly version to v4.7.0-pre1 * changelog: adds release date for v4.6.0-beta1 * ux: minor fixes * grid: fixed grid width issues * grid: repeat refactoring and unit tests * Missing dot in aws credentials path * newgrid: added constants, changed grid to 24 cols, added tests for panel repeats * docs: doc updates * grid: minor progress on panel repeats * changed name back to use underscore instead of camelcase, need to think more about this * fixed dashboard sorting * newgrid: worked panel duplicate * fix: various fixes for new grid * dashgrid: fix or skip tests for repeat rows * dashboardgrid: disable dynamic_dashboard_srv for now * ux: style tweaks * newgrid: various fixes * If retention policy is set for influxDB, preprend that to the measurement name for exploration queries. * newgrid: fixed migration code to new grid * docker: updated our graphite docker container * grid: edit/view now works * dashboard: fixes for panels without rows * webpack: changed devtools setting to stop exceptions * fix: ignore upgrading dashboard grid when there are no rows * grid: fixed migration for rows without height * ux: minor fix sidemenu * newgrid: progress on fullscreen/edit view modes * search: fix search to limit dashboards better * grid: fixed geting started panel pos * grid: progress on react grid * grid: progress on new grid, resize & saving layouts works * grid: minor progress * tech: got angular component to load inside react grid * grid: need to find a way to add angular component inside react * ux: initial react grid poc * graphite-tags: refactor, improve performance - remove unnecessary parseTarget() calls * graphite-tags: add tests * graphite-tags: refactor, use instead of * graphite-tags: initial tag editor * Update kbn.js * Update kbn.js * fixes * Use B/s instead Bps for Bytes per second * fix merge issue * develop: fixed more broken tests, couple still failing * ux: alternative row design * newgrid: fixes to default home dashboard * ux: minor fixes * ux: new grid progress * grid: minor progres on new grid * grid: minor progres on new grid * ux: minor button changes * ux: minor updates * ux: changed cta button style * minor fix * ux: added scroll to two pages * minor fix for page-h1 * grid work * progress on rows as panelsW * fixed unit tests * minor user avatar stuff * started on rows as panels in single grid * minor user list cahnge * users view update * ux: color tweaks * Moved around the columns a bit * ux: dashboard stuff * ux: minor changes * ux: sidemenu animation duration * ux: fixed sidenav issues * ux: sidemenu toggling * ux: sidenav fixes and dashboard search changes * ux: switching orgs now works through modal * ux: making org visibile in profile view * ux: more nav work * ux: nav fixes & polish * ux: more nav work * ux: more nav work * ux: navigation work * ux: sidenav fixes and dashboard search changes * ux: more work on sidemenu * Silly gradient added a placeholder. no more experimentation to be done here until Trent has a pass at it * ux: scrollbar stuff * Added drop shadown for sticky scrolling, moved colors into dark and light variables * Reduced size of breadcrumbs, additional form styling. Colors still need to be adjusted * Starting to play with new form styles * ux: minor scroll fix * ux: removed custom scrollbar look * ux: reduced size of sidemenu icons a bit * ux: testing fixed sidemenu and breadcrumbs * ux: minor navbar update * ux: new breadcrumb progress * ux: wip * ux: new page header look wip * ux: testing roboto font * ux: use flexbox for sidenav, put logo in sidenav * moving panels betwen rows are starting to work * grid: progress on row support * grid: new grid fixes * new-grid: fixed destory issues * grid: remove panel works * grid: updated gridstack to use grafana fork * feat: new grid fixes * minor fixes * updated * feat: new grid system progressW * ux: minor panel menu fix * ux: minor panel menu tweaks * ux: tweaks to new panel menu * updated * dashfolders: inherited permissions for dashboards * dashfolders: handle permission changes when saving/moving dashboards * added code from #8504, and #8021 * dashboard folder search fix * dashfolders: fix user group picker + cleanup * dashfolders: rename refactor * dashfolders: validation for duplicates in acl modal * minor update * ux: style tweaks, trying out non italic headers * ux: nav changes * added sidemeu stuff * dashfolders: use canadmin permission in settings menu * dashfolders: tests for permission modal * dashboard acl fixes * acl fixes * dashfolders: new admin permission needed to view/change acl * acl: more acl work * dashfolders: filter search based on child dash permissions * dashfolders: allows phantomjs rendering for alerting * dashfolders: allow overflow-y for modals * dashfolders: security for png rendering * dashboard acl stuff * dashboard acl work * dashboard acl * working on dashbord acl stuff * WIP: first draft of permissionlist panel * dashboard acl * dashboard acl work * WIP: fix js tests for acl * WIP: fix folder-picker for dashlist * dashboard acl work * refactoring: dashboard folders * dashboard acl modal * WIP: adding roles - not finished * refactoring: moving dashboards acl migrations to its own folder * WIP: fix acl route * refactoring: renaming * folders: changed api urls for dashboard acls * refactoring more renaming * refactoring renaming dashboard folder operations * dashboard_folders refactoring * refactoring dashboard folder security checks * dashboard guardian refactoring starting to work * dashboard folders acl work * refactoring dashoard folder guardian * WIP: refactor user group modal * refactoring: Dashboard guardian * WIP: remove unused test file * WIP: refactor dash search and remove extra query * WIP: move guardian logic for search into the sql query * WIP: remove dashboard children on delete * dashboard_folders: refactoring picker and folder selection in dashboard settings & save as menu * WIP: adds API check to stop folders being included in folders * use gf-form-dropdown in user picker * WIP: add test for add user group permission * WIP: can edit dashboard permission * WIP: clean up after user and org user delete * WIP: remove permissions when deleting global user * dashboard_folders: updated * WIP: delete dependent permissions on user group delete * dashboard_folders: fixes to user picker & group picker * dashboard_folders: fixes to user & group picker * minor update * WIP: permission checking for dash version api methods * ux: gridstack poc * Gridstack: testing * WIP: check permissions for delete/post dashboard * WIP: fixes after version history merge * ux: nav experiments * WIP: add permission check for GetDashboard * ux: side nav experiments * WIP: fix test after merge conflict * WIP: fix go fmt error * WIP: user + user-group pickers for permissions * WIP: API - add dash permission * WIP: user-picker directive * WIP: Permission Type as string in permission query * WIP: fixes after navbar changes * WIP: dashlist in template for new folder * WIP: refactor folder-picker for dashlist * WIP: dashboard search by folder + toggle for list or tree mode * WIP: adds folder-picker to save as dialog * WIP: use metric-segment for folder picker * WIP: add dummy root folder to folder picker * WIP: Create new dashboard button in dash search * WIP: permissions moved to settings tab. Adds folder dropdown to general settings tab * WIP: add parentid to getdashboard query result * WIP: dashboard search by type (folder or dash) * WIP: fix after upstream sqlstore refactoring * WIP: rollback * WIP: delete permission in API * WIP: user group additions * WIP: remove browse mode for dashboard search * WIP: get Dashboard Permissions * WIP: add open/closed folders icons for dash search * WIP: Can remove dashboard permission - sql * WIP: limit GetAllowedDashboards sql query with a where in * WIP: Add or update Dashboard ACL * WIP: guardian service for search * dashboard: sort search with dash folder first * WIP: add some TS types * WIP: edit user group page * WIP: API methods for add/remove members to user group * WIP: add update user group command * WIP: add new group, needs to be redone * WIP: add user group search * WIP: add usergroup commands and queries * WIP: rough prototype of dashboard folders * ux: very early start to new sidemenu * ux: very early start to new sidemenu * ux: minor tweak to faintness of icons of panel menu caret * ux: minor progress on panel title menu makover * use the original options parameter * use targets[0] as the options * pass the options along with a _seriesQuery * pass database parameter in the options * allow setting the database * ux: more work on panel menu * ux: panel title ux improvements poc * Sending image * Discord integration Changes in grafana-natel-discrete-panel: - Add recompress source service - Add set_version source service - Enable changesgenerate for tar_scm source service - Update to version 0.0.9: * split commands * put back the history Changes in openstack-aodh: - Add %_tmpfilesdir to %files Changes in openstack-barbican: - Add %_tmpfilesdir to %files Changes in openstack-cinder: - Add %_tmpfilesdir to %files Changes in openstack-gnocchi: - Add %_tmpfilesdir to %files Changes in openstack-heat: - Add %_tmpfilesdir to %files Changes in openstack-ironic: - Add %_tmpfilesdir to %files Changes in openstack-magnum: - Add %_tmpfilesdir to %files Changes in openstack-manila: - Add %_tmpfilesdir to %files Changes in openstack-monasca-agent: - Add dependency: * fdupes * pwdutils and shadow-utils for useradd/groupadd - remove rpm-packaging integration - Add %_tmpfilesdir to %files Changes in openstack-murano: - Add %_tmpfilesdir to %files Changes in openstack-neutron: - Add %_tmpfilesdir to %files Changes in openstack-neutron-vpnaas: - Add %_tmpfilesdir to %files Changes in openstack-nova: - Add 0014-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch - (bsc#1175484, CVE-2020-17376) - Add 0001-rbd_utils-increase-_destroy_volume-timeout.patch (bsc#1154434) - Fix for https://bugs.launchpad.net/nova/+bug/1856845 Changes in openstack-sahara: - Add %_tmpfilesdir to %files Changes in python-google-api-python-client: - Add pr-201.patch . This enables also older oauth2client versions. - update to 1.5.0: - Release to support oauth2client >= 2.0.0. - Fix file stream recognition in Python 3 (#141) - Fix non-resumable binary uploads in Python 3 (#147) - Default to 'octet-stream' if mimetype detection fails (#157) - Handle SSL errors with retries (#160) - Fix incompatibility with oauth2client v2.0.0 (#182) - Add automatic caching for the discovery docs. - Add the googleapiclient.discovery.Resource.new_batch_http_request method. - Python 3 support. - Small bugfix release. - Fix an infinite loop for downloading small files. - Fix a unicode error in error encoding. - Better handling of `content-length` in media requests. - Add support for methodPath entries containing colon. - Quick release for a fix around aliasing in v1.3. - Add support for the Google Application Default Credentials. - Require python 2.6 as a minimum version. - Update several API samples. - Finish splitting out oauth2client repo and update tests. - Various doc cleanup and bugfixes. - We've added `googleapiclient` as the primary suggested import name, and kept `apiclient` as an alias, in order to have a more appropriate import name. At some point, we will remove `apiclient` as an alias. - Due to an issue around in-place upgrades for Python packages, it's not possible to do an upgrade from version 1.2 to 1.3. Instead, setup.py attempts to detect this and prevents it. Simply remove the previous version and reinstall to fix this. - The use of the gflags library is now deprecated, and is no longer a dependency. If you are still using the oauth2client.tools.run() function then include gflags as a dependency of your application or switch to oauth2client.tools.run_flow. - Samples have been updated to use the new apiclient.sample_tools, and no longer use gflags. - Added support for the experimental Object Change Notification, as found in the Cloud Storage API. - The oauth2client App Engine decorators are now threadsafe. - Use the following redirects feature of httplib2 where it returns the ultimate URL after a series of redirects to avoid multiple hops for every resumable media upload request. - Updated AdSense Management API samples to V1.3 - Add option to automatically retry requests. - Ability to list registered keys in multistore_file. - User-agent must contain (gzip). - The 'method' parameter for httplib2 is not positional. This would cause spurious warnings in the logging. - Making OAuth2Decorator more extensible. Fixes Issue 256. - Update AdExchange Buyer API examples to version v1.2. - Add PEM support to SignedJWTAssertionCredentials (used to only support PKCS12 formatted keys). Note that if you use PEM formatted keys you can use PyCrypto 2.6 or later instead of OpenSSL. - Allow deserialized discovery docs to be passed to build_from_document(). - Make ResumableUploadError derive from HttpError. - Many changes to move all the closures in apiclient.discovery into real classes and objects. - Make from_json behavior inheritable. - Expose the full token response in OAuth2Client and OAuth2Decorator. - Handle reasons that are None. - Added support for NDB based storing of oauth2client objects. - Update grant_type for AssertionCredentials. - Adding a .revoke() to Credentials. Closes issue 98. - Modify oauth2client.multistore_file to store and retrieve credentials using an arbitrary key. - Don't accept 403 challenges by default for auth challenges. - Set httplib2.RETRIES to 1. - Consolidate handling of scopes. - Upgrade to httplib2 version 0.8. - Allow setting the response_type in OAuth2WebServerFlow. - Ensure that dataWrapper feature is checked before using the 'data' value. - HMAC verification does not use a constant time algorithm. - Fix description - Update BuildRequires and Requires - Use Source from pypi Changes in python-Pillow: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * From upstream, backported * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * From upstream, backported * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * From upstream, backported * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * From upstream, backported * Fixes CVE-2020-10378, bsc#1173416 Changes in rubygem-crowbar-client: - Update to 3.9.3 - Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2911=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1600767499.0615a418f-9.69.3 crowbar-core-branding-upstream-4.0+git.1600767499.0615a418f-9.69.3 python-Pillow-2.8.1-4.17.2 python-Pillow-debuginfo-2.8.1-4.17.2 python-Pillow-debugsource-2.8.1-4.17.2 ruby2.1-rubygem-crowbar-client-3.9.3-7.23.1 - SUSE OpenStack Cloud 7 (noarch): ansible-2.2.3.0-17.2 crowbar-openstack-4.0+git.1599037255.25b759234-9.74.4 grafana-natel-discrete-panel-0.0.9-1.6.5 openstack-aodh-3.0.5~dev2-2.11.2 openstack-aodh-api-3.0.5~dev2-2.11.2 openstack-aodh-doc-3.0.5~dev2-2.11.1 openstack-aodh-evaluator-3.0.5~dev2-2.11.2 openstack-aodh-expirer-3.0.5~dev2-2.11.2 openstack-aodh-listener-3.0.5~dev2-2.11.2 openstack-aodh-notifier-3.0.5~dev2-2.11.2 openstack-barbican-3.0.1~dev9-2.12.4 openstack-barbican-api-3.0.1~dev9-2.12.4 openstack-barbican-doc-3.0.1~dev9-2.12.2 openstack-barbican-keystone-listener-3.0.1~dev9-2.12.4 openstack-barbican-retry-3.0.1~dev9-2.12.4 openstack-barbican-worker-3.0.1~dev9-2.12.4 openstack-cinder-9.1.5~dev6-4.28.1 openstack-cinder-api-9.1.5~dev6-4.28.1 openstack-cinder-backup-9.1.5~dev6-4.28.1 openstack-cinder-doc-9.1.5~dev6-4.28.1 openstack-cinder-scheduler-9.1.5~dev6-4.28.1 openstack-cinder-volume-9.1.5~dev6-4.28.1 openstack-gnocchi-3.0.7~dev1-2.8.2 openstack-gnocchi-api-3.0.7~dev1-2.8.2 openstack-gnocchi-carbonara-3.0.7~dev1-2.8.2 openstack-gnocchi-indexer-sqlalchemy-3.0.7~dev1-2.8.2 openstack-gnocchi-metricd-3.0.7~dev1-2.8.2 openstack-gnocchi-statsd-3.0.7~dev1-2.8.2 openstack-heat-7.0.7~dev10-5.17.3 openstack-heat-api-7.0.7~dev10-5.17.3 openstack-heat-api-cfn-7.0.7~dev10-5.17.3 openstack-heat-api-cloudwatch-7.0.7~dev10-5.17.3 openstack-heat-doc-7.0.7~dev10-5.17.2 openstack-heat-engine-7.0.7~dev10-5.17.3 openstack-heat-plugin-heat_docker-7.0.7~dev10-5.17.3 openstack-heat-test-7.0.7~dev10-5.17.3 openstack-ironic-6.2.5~dev3-2.8.2 openstack-ironic-api-6.2.5~dev3-2.8.2 openstack-ironic-conductor-6.2.5~dev3-2.8.2 openstack-ironic-doc-6.2.5~dev3-2.8.2 openstack-magnum-3.3.2~dev7-14.14.4 openstack-magnum-api-3.3.2~dev7-14.14.4 openstack-magnum-conductor-3.3.2~dev7-14.14.4 openstack-magnum-doc-3.3.2~dev7-14.14.2 openstack-manila-3.0.1~dev30-4.17.2 openstack-manila-api-3.0.1~dev30-4.17.2 openstack-manila-data-3.0.1~dev30-4.17.2 openstack-manila-doc-3.0.1~dev30-4.17.1 openstack-manila-scheduler-3.0.1~dev30-4.17.2 openstack-manila-share-3.0.1~dev30-4.17.2 openstack-monasca-agent-1.10.1~dev4-13.3 openstack-murano-3.0.1~dev21-7.5.3 openstack-murano-api-3.0.1~dev21-7.5.3 openstack-murano-doc-3.0.1~dev21-7.5.1 openstack-murano-engine-3.0.1~dev21-7.5.3 openstack-neutron-9.4.2~dev21-7.43.2 openstack-neutron-dhcp-agent-9.4.2~dev21-7.43.2 openstack-neutron-doc-9.4.2~dev21-7.43.1 openstack-neutron-ha-tool-9.4.2~dev21-7.43.2 openstack-neutron-l3-agent-9.4.2~dev21-7.43.2 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.43.2 openstack-neutron-macvtap-agent-9.4.2~dev21-7.43.2 openstack-neutron-metadata-agent-9.4.2~dev21-7.43.2 openstack-neutron-metering-agent-9.4.2~dev21-7.43.2 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.43.2 openstack-neutron-server-9.4.2~dev21-7.43.2 openstack-neutron-vpn-agent-9.0.1~dev8-5.8.2 openstack-neutron-vpnaas-9.0.1~dev8-5.8.2 openstack-neutron-vpnaas-doc-9.0.1~dev8-5.8.2 openstack-neutron-vyatta-agent-9.0.1~dev8-5.8.2 openstack-nova-14.0.11~dev13-4.45.3 openstack-nova-api-14.0.11~dev13-4.45.3 openstack-nova-cells-14.0.11~dev13-4.45.3 openstack-nova-cert-14.0.11~dev13-4.45.3 openstack-nova-compute-14.0.11~dev13-4.45.3 openstack-nova-conductor-14.0.11~dev13-4.45.3 openstack-nova-console-14.0.11~dev13-4.45.3 openstack-nova-consoleauth-14.0.11~dev13-4.45.3 openstack-nova-doc-14.0.11~dev13-4.45.2 openstack-nova-novncproxy-14.0.11~dev13-4.45.3 openstack-nova-placement-api-14.0.11~dev13-4.45.3 openstack-nova-scheduler-14.0.11~dev13-4.45.3 openstack-nova-serialproxy-14.0.11~dev13-4.45.3 openstack-nova-vncproxy-14.0.11~dev13-4.45.3 openstack-sahara-5.0.2~dev3-14.3 openstack-sahara-api-5.0.2~dev3-14.3 openstack-sahara-doc-5.0.2~dev3-14.1 openstack-sahara-engine-5.0.2~dev3-14.3 python-aodh-3.0.5~dev2-2.11.2 python-barbican-3.0.1~dev9-2.12.4 python-cinder-9.1.5~dev6-4.28.1 python-gnocchi-3.0.7~dev1-2.8.2 python-heat-7.0.7~dev10-5.17.3 python-ironic-6.2.5~dev3-2.8.2 python-magnum-3.3.2~dev7-14.14.4 python-manila-3.0.1~dev30-4.17.2 python-monasca-agent-1.10.1~dev4-13.3 python-murano-3.0.1~dev21-7.5.3 python-neutron-9.4.2~dev21-7.43.2 python-neutron-vpnaas-9.0.1~dev8-5.8.2 python-nova-14.0.11~dev13-4.45.3 python-sahara-5.0.2~dev3-14.3 - SUSE OpenStack Cloud 7 (x86_64): grafana-6.7.4-1.17.1 References: https://www.suse.com/security/cve/CVE-2016-0775.html https://www.suse.com/security/cve/CVE-2018-17954.html https://www.suse.com/security/cve/CVE-2018-18623.html https://www.suse.com/security/cve/CVE-2018-18624.html https://www.suse.com/security/cve/CVE-2018-18625.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2020-10177.html https://www.suse.com/security/cve/CVE-2020-10378.html https://www.suse.com/security/cve/CVE-2020-10744.html https://www.suse.com/security/cve/CVE-2020-10994.html https://www.suse.com/security/cve/CVE-2020-11110.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-1733.html https://www.suse.com/security/cve/CVE-2020-17376.html https://bugzilla.suse.com/1117080 https://bugzilla.suse.com/1154434 https://bugzilla.suse.com/1164140 https://bugzilla.suse.com/1171823 https://bugzilla.suse.com/1172450 https://bugzilla.suse.com/1173413 https://bugzilla.suse.com/1173416 https://bugzilla.suse.com/1173418 https://bugzilla.suse.com/1174583 https://bugzilla.suse.com/1175484 https://bugzilla.suse.com/965582 From sle-security-updates at lists.suse.com Tue Oct 13 14:05:32 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 22:05:32 +0200 (CEST) Subject: SUSE-SU-2020:2908-1: important: Security update for the Linux Kernel Message-ID: <20201013200532.20A72FD12@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2908-1 Rating: important References: #1055186 #1058115 #1065600 #1065729 #1094244 #1152472 #1152489 #1153274 #1154353 #1155518 #1156395 #1167527 #1170774 #1171068 #1171688 #1171742 #1172757 #1173017 #1173115 #1173746 #1174358 #1174899 #1175749 #1175882 #1176019 #1176038 #1176137 #1176235 #1176236 #1176237 #1176242 #1176278 #1176357 #1176358 #1176359 #1176360 #1176361 #1176362 #1176363 #1176364 #1176365 #1176366 #1176367 #1176381 #1176423 #1176449 #1176482 #1176486 #1176507 #1176536 #1176537 #1176538 #1176539 #1176540 #1176541 #1176542 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176587 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176763 #1176775 #1176788 #1176789 #1176833 #1176869 #1176877 #1176925 #1176962 #1176980 #1176990 #1177021 #1177030 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14385 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 75 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - cxgb4: fix thermal zone device registration (git-fixes). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration (networking-stable-20_07_29). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - Remove patch causing regression (bsc#1094244 ltc#168122). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2908=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.21.1 kernel-source-azure-5.3.18-18.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.21.1 kernel-azure-debuginfo-5.3.18-18.21.1 kernel-azure-debugsource-5.3.18-18.21.1 kernel-azure-devel-5.3.18-18.21.1 kernel-azure-devel-debuginfo-5.3.18-18.21.1 kernel-syms-azure-5.3.18-18.21.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14385.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1170774 https://bugzilla.suse.com/1171068 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1172757 https://bugzilla.suse.com/1173017 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1174358 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176019 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176137 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176236 https://bugzilla.suse.com/1176237 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176357 https://bugzilla.suse.com/1176358 https://bugzilla.suse.com/1176359 https://bugzilla.suse.com/1176360 https://bugzilla.suse.com/1176361 https://bugzilla.suse.com/1176362 https://bugzilla.suse.com/1176363 https://bugzilla.suse.com/1176364 https://bugzilla.suse.com/1176365 https://bugzilla.suse.com/1176366 https://bugzilla.suse.com/1176367 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176449 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176486 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176537 https://bugzilla.suse.com/1176538 https://bugzilla.suse.com/1176539 https://bugzilla.suse.com/1176540 https://bugzilla.suse.com/1176541 https://bugzilla.suse.com/1176542 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176587 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176763 https://bugzilla.suse.com/1176775 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176833 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176925 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176980 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177021 https://bugzilla.suse.com/1177030 From sle-security-updates at lists.suse.com Tue Oct 13 14:14:51 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 22:14:51 +0200 (CEST) Subject: SUSE-SU-2020:2914-1: moderate: Security update for bind Message-ID: <20201013201451.DBBE6FD11@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2914-1 Rating: moderate References: #1100369 #1109160 #1118367 #1118368 #1128220 #1156205 #1157051 #1161168 #1170667 #1170713 #1171313 #1171740 #1172958 #1173307 #1173311 #1173983 #1175443 #1176092 #1176674 #906079 ECO-1402 Cross-References: CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves 12 vulnerabilities, contains one feature and has 8 fixes is now available. Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: "update-policy" rules of type "subdomain" were incorrectly treated as "zonesub" rules, which allowed keys used in "subdomain" rules to update names outside of the specified subdomains. The problem was fixed by making sure "subdomain" rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of "max-stale-ttl" has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The "primary" and "secondary" keywords, when used as parameters for "check-names", were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the "named" group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added "/etc/bind.keys" to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed "-r /dev/urandom" from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2914=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2914=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2914=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2914=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2914=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2914=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2914=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2914=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2914=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): bind-doc-9.16.6-12.32.1 python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 sysuser-tools-2.0-4.2.8 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): bind-doc-9.16.6-12.32.1 python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 sysuser-tools-2.0-4.2.8 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): bind-doc-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): bind-doc-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): sysuser-tools-2.0-4.2.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 sysuser-tools-2.0-4.2.8 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): bind-doc-9.16.6-12.32.1 python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 sysuser-tools-2.0-4.2.8 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bind-9.16.6-12.32.1 bind-chrootenv-9.16.6-12.32.1 bind-debuginfo-9.16.6-12.32.1 bind-debugsource-9.16.6-12.32.1 bind-devel-9.16.6-12.32.1 bind-utils-9.16.6-12.32.1 bind-utils-debuginfo-9.16.6-12.32.1 libbind9-1600-9.16.6-12.32.1 libbind9-1600-debuginfo-9.16.6-12.32.1 libdns1605-9.16.6-12.32.1 libdns1605-debuginfo-9.16.6-12.32.1 libirs-devel-9.16.6-12.32.1 libirs1601-9.16.6-12.32.1 libirs1601-debuginfo-9.16.6-12.32.1 libisc1606-9.16.6-12.32.1 libisc1606-debuginfo-9.16.6-12.32.1 libisccc1600-9.16.6-12.32.1 libisccc1600-debuginfo-9.16.6-12.32.1 libisccfg1600-9.16.6-12.32.1 libisccfg1600-debuginfo-9.16.6-12.32.1 libns1604-9.16.6-12.32.1 libns1604-debuginfo-9.16.6-12.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): bind-doc-9.16.6-12.32.1 python3-bind-9.16.6-12.32.1 sysuser-shadow-2.0-4.2.8 sysuser-tools-2.0-4.2.8 References: https://www.suse.com/security/cve/CVE-2017-3136.html https://www.suse.com/security/cve/CVE-2018-5741.html https://www.suse.com/security/cve/CVE-2019-6477.html https://www.suse.com/security/cve/CVE-2020-8616.html https://www.suse.com/security/cve/CVE-2020-8617.html https://www.suse.com/security/cve/CVE-2020-8618.html https://www.suse.com/security/cve/CVE-2020-8619.html https://www.suse.com/security/cve/CVE-2020-8620.html https://www.suse.com/security/cve/CVE-2020-8621.html https://www.suse.com/security/cve/CVE-2020-8622.html https://www.suse.com/security/cve/CVE-2020-8623.html https://www.suse.com/security/cve/CVE-2020-8624.html https://bugzilla.suse.com/1100369 https://bugzilla.suse.com/1109160 https://bugzilla.suse.com/1118367 https://bugzilla.suse.com/1118368 https://bugzilla.suse.com/1128220 https://bugzilla.suse.com/1156205 https://bugzilla.suse.com/1157051 https://bugzilla.suse.com/1161168 https://bugzilla.suse.com/1170667 https://bugzilla.suse.com/1170713 https://bugzilla.suse.com/1171313 https://bugzilla.suse.com/1171740 https://bugzilla.suse.com/1172958 https://bugzilla.suse.com/1173307 https://bugzilla.suse.com/1173311 https://bugzilla.suse.com/1173983 https://bugzilla.suse.com/1175443 https://bugzilla.suse.com/1176092 https://bugzilla.suse.com/1176674 https://bugzilla.suse.com/906079 From sle-security-updates at lists.suse.com Tue Oct 13 14:17:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 13 Oct 2020 22:17:38 +0200 (CEST) Subject: SUSE-SU-2020:2906-1: important: Security update for the Linux Kernel Message-ID: <20201013201738.A26EFFD11@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2906-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1167527 #1169972 #1171688 #1171742 #1173115 #1174899 #1175228 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 55 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) * move from drivers/video/fbdev/fbcon to drivers/video/console * context changes - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2906=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.47.1 kernel-source-azure-4.12.14-8.47.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.47.1 kernel-azure-base-4.12.14-8.47.1 kernel-azure-base-debuginfo-4.12.14-8.47.1 kernel-azure-debuginfo-4.12.14-8.47.1 kernel-azure-devel-4.12.14-8.47.1 kernel-syms-azure-4.12.14-8.47.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 From sle-security-updates at lists.suse.com Wed Oct 14 00:39:41 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 08:39:41 +0200 (CEST) Subject: SUSE-CU-2020:518-1: Security update of suse/sle15 Message-ID: <20201014063941.A34B1FD14@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:518-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.280 Container Release : 4.22.280 Severity : important Type : security References : 1100369 1109160 1118367 1118368 1128220 1156205 1157051 1161168 1170667 1170713 1171313 1171740 1172958 1173307 1173311 1173983 1175443 1176092 1176410 1176674 1177143 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-25219 CVE-2020-26154 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Wed Oct 14 00:50:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 08:50:22 +0200 (CEST) Subject: SUSE-CU-2020:519-1: Security update of suse/sle15 Message-ID: <20201014065022.ABFAFFD14@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:519-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.324 Container Release : 6.2.324 Severity : important Type : security References : 1100369 1109160 1118367 1118368 1128220 1156205 1157051 1161168 1170667 1170713 1171313 1171740 1172958 1173307 1173311 1173983 1175443 1176092 1176410 1176674 1177143 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-25219 CVE-2020-26154 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Wed Oct 14 00:54:00 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 08:54:00 +0200 (CEST) Subject: SUSE-CU-2020:520-1: Security update of suse/sle15 Message-ID: <20201014065400.65376FD14@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:520-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.768 Container Release : 8.2.768 Severity : important Type : security References : 1100369 1109160 1118367 1118368 1128220 1156205 1157051 1161168 1170667 1170713 1171313 1171740 1172958 1173307 1173311 1173983 1175443 1176092 1176410 1176674 1177143 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-25219 CVE-2020-26154 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Wed Oct 14 10:16:42 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 18:16:42 +0200 (CEST) Subject: SUSE-SU-2020:14516-1: important: Security update for php53 Message-ID: <20201014161642.2847BFFAA@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14516-1 Rating: important References: #1177352 Cross-References: CVE-2020-7070 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php53 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-php53-14516=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-14516=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-14516=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-14516=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.93.1 php53-5.3.17-112.93.1 php53-bcmath-5.3.17-112.93.1 php53-bz2-5.3.17-112.93.1 php53-calendar-5.3.17-112.93.1 php53-ctype-5.3.17-112.93.1 php53-curl-5.3.17-112.93.1 php53-dba-5.3.17-112.93.1 php53-dom-5.3.17-112.93.1 php53-exif-5.3.17-112.93.1 php53-fastcgi-5.3.17-112.93.1 php53-fileinfo-5.3.17-112.93.1 php53-ftp-5.3.17-112.93.1 php53-gd-5.3.17-112.93.1 php53-gettext-5.3.17-112.93.1 php53-gmp-5.3.17-112.93.1 php53-iconv-5.3.17-112.93.1 php53-intl-5.3.17-112.93.1 php53-json-5.3.17-112.93.1 php53-ldap-5.3.17-112.93.1 php53-mbstring-5.3.17-112.93.1 php53-mcrypt-5.3.17-112.93.1 php53-mysql-5.3.17-112.93.1 php53-odbc-5.3.17-112.93.1 php53-openssl-5.3.17-112.93.1 php53-pcntl-5.3.17-112.93.1 php53-pdo-5.3.17-112.93.1 php53-pear-5.3.17-112.93.1 php53-pgsql-5.3.17-112.93.1 php53-pspell-5.3.17-112.93.1 php53-shmop-5.3.17-112.93.1 php53-snmp-5.3.17-112.93.1 php53-soap-5.3.17-112.93.1 php53-suhosin-5.3.17-112.93.1 php53-sysvmsg-5.3.17-112.93.1 php53-sysvsem-5.3.17-112.93.1 php53-sysvshm-5.3.17-112.93.1 php53-tokenizer-5.3.17-112.93.1 php53-wddx-5.3.17-112.93.1 php53-xmlreader-5.3.17-112.93.1 php53-xmlrpc-5.3.17-112.93.1 php53-xmlwriter-5.3.17-112.93.1 php53-xsl-5.3.17-112.93.1 php53-zip-5.3.17-112.93.1 php53-zlib-5.3.17-112.93.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-112.93.1 php53-5.3.17-112.93.1 php53-bcmath-5.3.17-112.93.1 php53-bz2-5.3.17-112.93.1 php53-calendar-5.3.17-112.93.1 php53-ctype-5.3.17-112.93.1 php53-curl-5.3.17-112.93.1 php53-dba-5.3.17-112.93.1 php53-dom-5.3.17-112.93.1 php53-exif-5.3.17-112.93.1 php53-fastcgi-5.3.17-112.93.1 php53-fileinfo-5.3.17-112.93.1 php53-ftp-5.3.17-112.93.1 php53-gd-5.3.17-112.93.1 php53-gettext-5.3.17-112.93.1 php53-gmp-5.3.17-112.93.1 php53-iconv-5.3.17-112.93.1 php53-intl-5.3.17-112.93.1 php53-json-5.3.17-112.93.1 php53-ldap-5.3.17-112.93.1 php53-mbstring-5.3.17-112.93.1 php53-mcrypt-5.3.17-112.93.1 php53-mysql-5.3.17-112.93.1 php53-odbc-5.3.17-112.93.1 php53-openssl-5.3.17-112.93.1 php53-pcntl-5.3.17-112.93.1 php53-pdo-5.3.17-112.93.1 php53-pear-5.3.17-112.93.1 php53-pgsql-5.3.17-112.93.1 php53-pspell-5.3.17-112.93.1 php53-shmop-5.3.17-112.93.1 php53-snmp-5.3.17-112.93.1 php53-soap-5.3.17-112.93.1 php53-suhosin-5.3.17-112.93.1 php53-sysvmsg-5.3.17-112.93.1 php53-sysvsem-5.3.17-112.93.1 php53-sysvshm-5.3.17-112.93.1 php53-tokenizer-5.3.17-112.93.1 php53-wddx-5.3.17-112.93.1 php53-xmlreader-5.3.17-112.93.1 php53-xmlrpc-5.3.17-112.93.1 php53-xmlwriter-5.3.17-112.93.1 php53-xsl-5.3.17-112.93.1 php53-zip-5.3.17-112.93.1 php53-zlib-5.3.17-112.93.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.93.1 php53-debugsource-5.3.17-112.93.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-112.93.1 php53-debugsource-5.3.17-112.93.1 References: https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Wed Oct 14 10:17:39 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 18:17:39 +0200 (CEST) Subject: SUSE-SU-2020:2920-1: important: Security update for php7 Message-ID: <20201014161739.018D8FFAA@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2920-1 Rating: important References: #1173786 #1177352 Cross-References: CVE-2020-7070 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2920=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2920=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.102.1 php7-debugsource-7.0.7-50.102.1 php7-devel-7.0.7-50.102.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.102.1 apache2-mod_php7-debuginfo-7.0.7-50.102.1 php7-7.0.7-50.102.1 php7-bcmath-7.0.7-50.102.1 php7-bcmath-debuginfo-7.0.7-50.102.1 php7-bz2-7.0.7-50.102.1 php7-bz2-debuginfo-7.0.7-50.102.1 php7-calendar-7.0.7-50.102.1 php7-calendar-debuginfo-7.0.7-50.102.1 php7-ctype-7.0.7-50.102.1 php7-ctype-debuginfo-7.0.7-50.102.1 php7-curl-7.0.7-50.102.1 php7-curl-debuginfo-7.0.7-50.102.1 php7-dba-7.0.7-50.102.1 php7-dba-debuginfo-7.0.7-50.102.1 php7-debuginfo-7.0.7-50.102.1 php7-debugsource-7.0.7-50.102.1 php7-dom-7.0.7-50.102.1 php7-dom-debuginfo-7.0.7-50.102.1 php7-enchant-7.0.7-50.102.1 php7-enchant-debuginfo-7.0.7-50.102.1 php7-exif-7.0.7-50.102.1 php7-exif-debuginfo-7.0.7-50.102.1 php7-fastcgi-7.0.7-50.102.1 php7-fastcgi-debuginfo-7.0.7-50.102.1 php7-fileinfo-7.0.7-50.102.1 php7-fileinfo-debuginfo-7.0.7-50.102.1 php7-fpm-7.0.7-50.102.1 php7-fpm-debuginfo-7.0.7-50.102.1 php7-ftp-7.0.7-50.102.1 php7-ftp-debuginfo-7.0.7-50.102.1 php7-gd-7.0.7-50.102.1 php7-gd-debuginfo-7.0.7-50.102.1 php7-gettext-7.0.7-50.102.1 php7-gettext-debuginfo-7.0.7-50.102.1 php7-gmp-7.0.7-50.102.1 php7-gmp-debuginfo-7.0.7-50.102.1 php7-iconv-7.0.7-50.102.1 php7-iconv-debuginfo-7.0.7-50.102.1 php7-imap-7.0.7-50.102.1 php7-imap-debuginfo-7.0.7-50.102.1 php7-intl-7.0.7-50.102.1 php7-intl-debuginfo-7.0.7-50.102.1 php7-json-7.0.7-50.102.1 php7-json-debuginfo-7.0.7-50.102.1 php7-ldap-7.0.7-50.102.1 php7-ldap-debuginfo-7.0.7-50.102.1 php7-mbstring-7.0.7-50.102.1 php7-mbstring-debuginfo-7.0.7-50.102.1 php7-mcrypt-7.0.7-50.102.1 php7-mcrypt-debuginfo-7.0.7-50.102.1 php7-mysql-7.0.7-50.102.1 php7-mysql-debuginfo-7.0.7-50.102.1 php7-odbc-7.0.7-50.102.1 php7-odbc-debuginfo-7.0.7-50.102.1 php7-opcache-7.0.7-50.102.1 php7-opcache-debuginfo-7.0.7-50.102.1 php7-openssl-7.0.7-50.102.1 php7-openssl-debuginfo-7.0.7-50.102.1 php7-pcntl-7.0.7-50.102.1 php7-pcntl-debuginfo-7.0.7-50.102.1 php7-pdo-7.0.7-50.102.1 php7-pdo-debuginfo-7.0.7-50.102.1 php7-pgsql-7.0.7-50.102.1 php7-pgsql-debuginfo-7.0.7-50.102.1 php7-phar-7.0.7-50.102.1 php7-phar-debuginfo-7.0.7-50.102.1 php7-posix-7.0.7-50.102.1 php7-posix-debuginfo-7.0.7-50.102.1 php7-pspell-7.0.7-50.102.1 php7-pspell-debuginfo-7.0.7-50.102.1 php7-shmop-7.0.7-50.102.1 php7-shmop-debuginfo-7.0.7-50.102.1 php7-snmp-7.0.7-50.102.1 php7-snmp-debuginfo-7.0.7-50.102.1 php7-soap-7.0.7-50.102.1 php7-soap-debuginfo-7.0.7-50.102.1 php7-sockets-7.0.7-50.102.1 php7-sockets-debuginfo-7.0.7-50.102.1 php7-sqlite-7.0.7-50.102.1 php7-sqlite-debuginfo-7.0.7-50.102.1 php7-sysvmsg-7.0.7-50.102.1 php7-sysvmsg-debuginfo-7.0.7-50.102.1 php7-sysvsem-7.0.7-50.102.1 php7-sysvsem-debuginfo-7.0.7-50.102.1 php7-sysvshm-7.0.7-50.102.1 php7-sysvshm-debuginfo-7.0.7-50.102.1 php7-tokenizer-7.0.7-50.102.1 php7-tokenizer-debuginfo-7.0.7-50.102.1 php7-wddx-7.0.7-50.102.1 php7-wddx-debuginfo-7.0.7-50.102.1 php7-xmlreader-7.0.7-50.102.1 php7-xmlreader-debuginfo-7.0.7-50.102.1 php7-xmlrpc-7.0.7-50.102.1 php7-xmlrpc-debuginfo-7.0.7-50.102.1 php7-xmlwriter-7.0.7-50.102.1 php7-xmlwriter-debuginfo-7.0.7-50.102.1 php7-xsl-7.0.7-50.102.1 php7-xsl-debuginfo-7.0.7-50.102.1 php7-zip-7.0.7-50.102.1 php7-zip-debuginfo-7.0.7-50.102.1 php7-zlib-7.0.7-50.102.1 php7-zlib-debuginfo-7.0.7-50.102.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.102.1 php7-pear-Archive_Tar-7.0.7-50.102.1 References: https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Wed Oct 14 10:18:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 18:18:40 +0200 (CEST) Subject: SUSE-SU-2020:2923-1: moderate: Security update for libqt5-qtimageformats Message-ID: <20201014161840.C0775FFAA@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtimageformats ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2923-1 Rating: moderate References: #1118598 Cross-References: CVE-2018-19871 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqt5-qtimageformats fixes the following issues: Security issues fixed: - CVE-2018-19871: Fixed CPU exhaustion in QTgaFile (bsc#1118598) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2923=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libqt5-qtimageformats-5.6.2-3.3.110 libqt5-qtimageformats-debuginfo-5.6.2-3.3.110 libqt5-qtimageformats-debugsource-5.6.2-3.3.110 References: https://www.suse.com/security/cve/CVE-2018-19871.html https://bugzilla.suse.com/1118598 From sle-security-updates at lists.suse.com Wed Oct 14 10:19:36 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 18:19:36 +0200 (CEST) Subject: SUSE-SU-2020:2924-1: moderate: Security update for libqt5-qtsvg Message-ID: <20201014161936.C5795FFAA@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2924-1 Rating: moderate References: #1118599 Cross-References: CVE-2018-19869 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqt5-qtsvg fixes the following issues: Security issues fixed: - CVE-2018-19869: Fixed Denial of Service when parsing malformed URL reference (bsc#1118599) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2924=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2924=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libqt5-qtsvg-debugsource-5.6.2-3.3.110 libqt5-qtsvg-devel-5.6.2-3.3.110 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libqt5-qtsvg-private-headers-devel-5.6.2-3.3.110 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Svg5-5.6.2-3.3.110 libQt5Svg5-debuginfo-5.6.2-3.3.110 libqt5-qtsvg-debugsource-5.6.2-3.3.110 References: https://www.suse.com/security/cve/CVE-2018-19869.html https://bugzilla.suse.com/1118599 From sle-security-updates at lists.suse.com Wed Oct 14 13:14:21 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 14 Oct 2020 21:14:21 +0200 (CEST) Subject: SUSE-SU-2020:2928-1: moderate: Security update for crmsh Message-ID: <20201014191421.60635FFA8@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2928-1 Rating: moderate References: #1163581 #1176569 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2928=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1602227275.3d680577-3.39.1 crmsh-scripts-4.1.0+git.1602227275.3d680577-3.39.1 References: https://bugzilla.suse.com/1163581 https://bugzilla.suse.com/1176569 From sle-security-updates at lists.suse.com Thu Oct 15 00:05:17 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:05:17 +0200 (CEST) Subject: SUSE-CU-2020:521-1: Security update of harbor/docker-dind Message-ID: <20201015060517.161EFFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/docker-dind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:521-1 Container Tags : harbor/docker-dind:2.0.3 , harbor/docker-dind:2.0.3-rev1 , harbor/docker-dind:2.0.3-rev1-build3.6 Container Release : 3.6 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1165580 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175110 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/docker-dind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:05:44 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:05:44 +0200 (CEST) Subject: SUSE-CU-2020:522-1: Security update of harbor/harbor-core Message-ID: <20201015060544.95C0EFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:522-1 Container Tags : harbor/harbor-core:2.0.3 , harbor/harbor-core:2.0.3-rev1 , harbor/harbor-core:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:06:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:06:22 +0200 (CEST) Subject: SUSE-CU-2020:524-1: Security update of harbor/harbor-db Message-ID: <20201015060622.EEE78FFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:524-1 Container Tags : harbor/harbor-db:2.0.3 , harbor/harbor-db:2.0.3-rev1 , harbor/harbor-db:2.0.3-rev1-build4.7 Container Release : 4.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1165580 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175110 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:07:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:07:10 +0200 (CEST) Subject: SUSE-CU-2020:528-1: Security update of harbor/harbor-jobservice Message-ID: <20201015060710.D0894FFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:528-1 Container Tags : harbor/harbor-jobservice:2.0.3 , harbor/harbor-jobservice:2.0.3-rev1 , harbor/harbor-jobservice:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:07:46 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:07:46 +0200 (CEST) Subject: SUSE-CU-2020:530-1: Security update of harbor/harbor-nginx Message-ID: <20201015060746.72E08FFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:530-1 Container Tags : harbor/harbor-nginx:2.0.3 , harbor/harbor-nginx:2.0.3-rev1 , harbor/harbor-nginx:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146608 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172491 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175006 1175109 1175239 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-14973 CVE-2019-6477 CVE-2020-13790 CVE-2020-14363 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2440-1 Released: Tue Sep 1 22:14:33 2020 Summary: Recommended update for libmaxminddb Type: recommended Severity: moderate References: 1175006 This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2474-1 Released: Thu Sep 3 12:10:29 2020 Summary: Security update for libX11 Type: security Severity: moderate References: 1175239,CVE-2020-14363 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2569-1 Released: Tue Sep 8 14:58:49 2020 Summary: Security update for libjpeg-turbo Type: security Severity: moderate References: 1172491,CVE-2020-13790 This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2744-1 Released: Thu Sep 24 17:56:23 2020 Summary: Security update for tiff Type: security Severity: moderate References: 1146608,CVE-2019-14973 This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:09:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:09:07 +0200 (CEST) Subject: SUSE-CU-2020:536-1: Security update of harbor/harbor-portal Message-ID: <20201015060907.EC81FFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:536-1 Container Tags : harbor/harbor-portal:2.0.3 , harbor/harbor-portal:2.0.3-rev1 , harbor/harbor-portal:2.0.3-rev1-build4.2 Container Release : 4.2 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146608 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172491 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175006 1175109 1175239 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-14973 CVE-2019-6477 CVE-2020-13790 CVE-2020-14363 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2440-1 Released: Tue Sep 1 22:14:33 2020 Summary: Recommended update for libmaxminddb Type: recommended Severity: moderate References: 1175006 This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2474-1 Released: Thu Sep 3 12:10:29 2020 Summary: Security update for libX11 Type: security Severity: moderate References: 1175239,CVE-2020-14363 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2569-1 Released: Tue Sep 8 14:58:49 2020 Summary: Security update for libjpeg-turbo Type: security Severity: moderate References: 1172491,CVE-2020-13790 This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2744-1 Released: Thu Sep 24 17:56:23 2020 Summary: Security update for tiff Type: security Severity: moderate References: 1146608,CVE-2019-14973 This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:09:42 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:09:42 +0200 (CEST) Subject: SUSE-CU-2020:538-1: Security update of harbor/harbor-redis Message-ID: <20201015060942.DE1E2FFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-redis ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:538-1 Container Tags : harbor/harbor-redis:2.0.3 , harbor/harbor-redis:2.0.3-rev1 , harbor/harbor-redis:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-redis was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:10:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:10:16 +0200 (CEST) Subject: SUSE-CU-2020:540-1: Security update of harbor/harbor-registry Message-ID: <20201015061016.1EFBCFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:540-1 Container Tags : harbor/harbor-registry:2.0.3 , harbor/harbor-registry:2.0.3-rev1 , harbor/harbor-registry:2.0.3-rev1-build3.8 Container Release : 3.8 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:10:51 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:10:51 +0200 (CEST) Subject: SUSE-CU-2020:542-1: Security update of harbor/harbor-registryctl Message-ID: <20201015061051.B7AEAFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:542-1 Container Tags : harbor/harbor-registryctl:2.0.3 , harbor/harbor-registryctl:2.0.3-rev1 , harbor/harbor-registryctl:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:11:26 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:11:26 +0200 (CEST) Subject: SUSE-CU-2020:544-1: Security update of harbor/harbor-test Message-ID: <20201015061126.E2E0CFFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-test ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:544-1 Container Tags : harbor/harbor-test:2.0.3 , harbor/harbor-test:2.0.3-rev1 , harbor/harbor-test:2.0.3-rev1-build4.7 Container Release : 4.7 Severity : important Type : security References : 1011548 1027282 1029377 1029902 1040164 1042670 1070853 1079761 1081750 1083507 1086001 1088004 1088009 1088573 1094814 1094814 1100369 1107030 1107030 1109160 1109663 1109847 1118367 1118368 1120644 1120644 1122191 1122191 1128220 1129346 1129346 1130840 1130840 1133452 1133452 1137942 1138459 1138459 1141853 1141853 1142733 1146991 1149121 1149121 1149792 1149792 1149955 1149955 1149955 1151490 1151490 1153238 1153238 1153943 1153946 1156205 1157051 1158336 1159035 1159622 1161168 1161239 1162224 1162367 1162423 1162825 1165424 1165580 1165894 1165894 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173274 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174091 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175110 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 637176 658604 673071 709442 743787 747125 751718 754447 754677 787526 809831 831629 834601 871152 885662 885882 906079 917607 942751 951166 983582 984751 985177 985348 989523 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2017-3136 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20406 CVE-2018-20852 CVE-2018-20852 CVE-2018-5741 CVE-2019-10160 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16056 CVE-2019-16056 CVE-2019-16935 CVE-2019-16935 CVE-2019-20907 CVE-2019-5010 CVE-2019-5010 CVE-2019-6477 CVE-2019-9636 CVE-2019-9636 CVE-2019-9674 CVE-2019-9947 CVE-2019-9947 CVE-2020-14422 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8492 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 PM-1350 SLE-9426 ----------------------------------------------------------------- The container harbor/harbor-test was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2170-1 Released: Mon Oct 8 10:31:14 2018 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1107030 This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:215-1 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Type: security Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:971-1 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Type: security Severity: important References: 1129346,CVE-2019-9636 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1352-1 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1130840,1133452,CVE-2019-9947 This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2050-1 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Type: security Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2802-1 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Type: security Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:114-1 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Type: security Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:467-1 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:777-1 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1165894 This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1342-1 Released: Tue May 19 13:27:31 2020 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1149955,1165894,CVE-2019-16056 This update for python3 fixes the following issues: - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1822-1 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Type: security Severity: important References: 1173274,CVE-2020-14422 This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:12:04 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:12:04 +0200 (CEST) Subject: SUSE-CU-2020:546-1: Security update of harbor/harbor-trivy-adapter Message-ID: <20201015061204.756D1FFAA@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:546-1 Container Tags : harbor/harbor-trivy-adapter:2.0.3 , harbor/harbor-trivy-adapter:2.0.3-rev1 , harbor/harbor-trivy-adapter:2.0.3-rev1-build3.7 Container Release : 3.7 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1171313 1171740 1171762 1172195 1172824 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174918 1175109 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container harbor/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. From sle-security-updates at lists.suse.com Thu Oct 15 00:22:15 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:22:15 +0200 (CEST) Subject: SUSE-CU-2020:548-1: Security update of suse/sles12sp3 Message-ID: <20201015062215.F255DFFAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:548-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.215 , suse/sles12sp3:latest Container Release : 24.215 Severity : important Type : security References : 1170347 1176410 1176759 1177143 CVE-2020-25219 CVE-2020-26154 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2897-1 Released: Tue Oct 13 14:00:25 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - This update extends the suse build key (bsc#1176759) - The SUSE container key is different from the build key. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2900-1 Released: Tue Oct 13 14:20:15 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). From sle-security-updates at lists.suse.com Thu Oct 15 00:33:21 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:33:21 +0200 (CEST) Subject: SUSE-CU-2020:549-1: Security update of suse/sles12sp4 Message-ID: <20201015063321.0C090FFAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:549-1 Container Tags : suse/sles12sp4:26.248 , suse/sles12sp4:latest Container Release : 26.248 Severity : important Type : security References : 1170347 1176410 1176759 1177143 CVE-2020-25219 CVE-2020-26154 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2897-1 Released: Tue Oct 13 14:00:25 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - This update extends the suse build key (bsc#1176759) - The SUSE container key is different from the build key. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2900-1 Released: Tue Oct 13 14:20:15 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). From sle-security-updates at lists.suse.com Thu Oct 15 00:39:19 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 08:39:19 +0200 (CEST) Subject: SUSE-CU-2020:550-1: Security update of suse/sles12sp5 Message-ID: <20201015063919.C0E1BFFAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:550-1 Container Tags : suse/sles12sp5:6.5.74 , suse/sles12sp5:latest Container Release : 6.5.74 Severity : important Type : security References : 1170347 1176410 1176759 1177143 CVE-2020-25219 CVE-2020-26154 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2897-1 Released: Tue Oct 13 14:00:25 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - This update extends the suse build key (bsc#1176759) - The SUSE container key is different from the build key. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2900-1 Released: Tue Oct 13 14:20:15 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). From sle-security-updates at lists.suse.com Thu Oct 15 07:15:13 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 15:15:13 +0200 (CEST) Subject: SUSE-SU-2020:2930-1: moderate: Security update for crmsh Message-ID: <20201015131513.7151DFFA6@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2930-1 Rating: moderate References: #1163581 #1176569 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2930=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4+git.1601025003.13ca7d95-13.47.2 crmsh-scripts-3.0.4+git.1601025003.13ca7d95-13.47.2 References: https://bugzilla.suse.com/1163581 https://bugzilla.suse.com/1176569 From sle-security-updates at lists.suse.com Thu Oct 15 07:16:13 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 15:16:13 +0200 (CEST) Subject: SUSE-SU-2020:2931-1: moderate: Security update for bcm43xx-firmware Message-ID: <20201015131613.7EFCEFFA6@maintenance.suse.de> SUSE Security Update: Security update for bcm43xx-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2931-1 Rating: moderate References: #1176631 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2931=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2931=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): bcm43xx-firmware-20180314-4.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bcm43xx-firmware-20180314-4.3.1 References: https://bugzilla.suse.com/1176631 From sle-security-updates at lists.suse.com Thu Oct 15 07:17:09 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 15:17:09 +0200 (CEST) Subject: SUSE-SU-2020:2929-1: critical: Security update for rubygem-activesupport-4_2 Message-ID: <20201015131709.0FADFFFA6@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2929-1 Rating: critical References: #1172186 Cross-References: CVE-2020-8165 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2929=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2929=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2929=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-activesupport-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-activesupport-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-activesupport-4_2-4.2.9-7.9.1 References: https://www.suse.com/security/cve/CVE-2020-8165.html https://bugzilla.suse.com/1172186 From sle-security-updates at lists.suse.com Thu Oct 15 13:16:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 15 Oct 2020 21:16:16 +0200 (CEST) Subject: SUSE-SU-2020:2939-1: moderate: Security update for crmsh Message-ID: <20201015191616.38845FFA8@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2939-1 Rating: moderate References: #1148873 #1163581 #1176441 #1176569 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581 - hb_report: collect archived logs(bsc#1148873, bsc#1176441) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2939=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1602227275.3d680577-3.44.1 crmsh-scripts-4.1.0+git.1602227275.3d680577-3.44.1 References: https://bugzilla.suse.com/1148873 https://bugzilla.suse.com/1163581 https://bugzilla.suse.com/1176441 https://bugzilla.suse.com/1176569 From sle-security-updates at lists.suse.com Fri Oct 16 07:18:48 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Oct 2020 15:18:48 +0200 (CEST) Subject: SUSE-SU-2020:2941-1: important: Security update for php7 Message-ID: <20201016131848.20C95FFA8@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2941-1 Rating: important References: #1177351 #1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2941=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2941=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.11.1 apache2-mod_php7-debuginfo-7.4.6-3.11.1 php7-7.4.6-3.11.1 php7-bcmath-7.4.6-3.11.1 php7-bcmath-debuginfo-7.4.6-3.11.1 php7-bz2-7.4.6-3.11.1 php7-bz2-debuginfo-7.4.6-3.11.1 php7-calendar-7.4.6-3.11.1 php7-calendar-debuginfo-7.4.6-3.11.1 php7-ctype-7.4.6-3.11.1 php7-ctype-debuginfo-7.4.6-3.11.1 php7-curl-7.4.6-3.11.1 php7-curl-debuginfo-7.4.6-3.11.1 php7-dba-7.4.6-3.11.1 php7-dba-debuginfo-7.4.6-3.11.1 php7-debuginfo-7.4.6-3.11.1 php7-debugsource-7.4.6-3.11.1 php7-devel-7.4.6-3.11.1 php7-dom-7.4.6-3.11.1 php7-dom-debuginfo-7.4.6-3.11.1 php7-enchant-7.4.6-3.11.1 php7-enchant-debuginfo-7.4.6-3.11.1 php7-exif-7.4.6-3.11.1 php7-exif-debuginfo-7.4.6-3.11.1 php7-fastcgi-7.4.6-3.11.1 php7-fastcgi-debuginfo-7.4.6-3.11.1 php7-fileinfo-7.4.6-3.11.1 php7-fileinfo-debuginfo-7.4.6-3.11.1 php7-fpm-7.4.6-3.11.1 php7-fpm-debuginfo-7.4.6-3.11.1 php7-ftp-7.4.6-3.11.1 php7-ftp-debuginfo-7.4.6-3.11.1 php7-gd-7.4.6-3.11.1 php7-gd-debuginfo-7.4.6-3.11.1 php7-gettext-7.4.6-3.11.1 php7-gettext-debuginfo-7.4.6-3.11.1 php7-gmp-7.4.6-3.11.1 php7-gmp-debuginfo-7.4.6-3.11.1 php7-iconv-7.4.6-3.11.1 php7-iconv-debuginfo-7.4.6-3.11.1 php7-intl-7.4.6-3.11.1 php7-intl-debuginfo-7.4.6-3.11.1 php7-json-7.4.6-3.11.1 php7-json-debuginfo-7.4.6-3.11.1 php7-ldap-7.4.6-3.11.1 php7-ldap-debuginfo-7.4.6-3.11.1 php7-mbstring-7.4.6-3.11.1 php7-mbstring-debuginfo-7.4.6-3.11.1 php7-mysql-7.4.6-3.11.1 php7-mysql-debuginfo-7.4.6-3.11.1 php7-odbc-7.4.6-3.11.1 php7-odbc-debuginfo-7.4.6-3.11.1 php7-opcache-7.4.6-3.11.1 php7-opcache-debuginfo-7.4.6-3.11.1 php7-openssl-7.4.6-3.11.1 php7-openssl-debuginfo-7.4.6-3.11.1 php7-pcntl-7.4.6-3.11.1 php7-pcntl-debuginfo-7.4.6-3.11.1 php7-pdo-7.4.6-3.11.1 php7-pdo-debuginfo-7.4.6-3.11.1 php7-pgsql-7.4.6-3.11.1 php7-pgsql-debuginfo-7.4.6-3.11.1 php7-phar-7.4.6-3.11.1 php7-phar-debuginfo-7.4.6-3.11.1 php7-posix-7.4.6-3.11.1 php7-posix-debuginfo-7.4.6-3.11.1 php7-readline-7.4.6-3.11.1 php7-readline-debuginfo-7.4.6-3.11.1 php7-shmop-7.4.6-3.11.1 php7-shmop-debuginfo-7.4.6-3.11.1 php7-snmp-7.4.6-3.11.1 php7-snmp-debuginfo-7.4.6-3.11.1 php7-soap-7.4.6-3.11.1 php7-soap-debuginfo-7.4.6-3.11.1 php7-sockets-7.4.6-3.11.1 php7-sockets-debuginfo-7.4.6-3.11.1 php7-sodium-7.4.6-3.11.1 php7-sodium-debuginfo-7.4.6-3.11.1 php7-sqlite-7.4.6-3.11.1 php7-sqlite-debuginfo-7.4.6-3.11.1 php7-sysvmsg-7.4.6-3.11.1 php7-sysvmsg-debuginfo-7.4.6-3.11.1 php7-sysvsem-7.4.6-3.11.1 php7-sysvsem-debuginfo-7.4.6-3.11.1 php7-sysvshm-7.4.6-3.11.1 php7-sysvshm-debuginfo-7.4.6-3.11.1 php7-tidy-7.4.6-3.11.1 php7-tidy-debuginfo-7.4.6-3.11.1 php7-tokenizer-7.4.6-3.11.1 php7-tokenizer-debuginfo-7.4.6-3.11.1 php7-xmlreader-7.4.6-3.11.1 php7-xmlreader-debuginfo-7.4.6-3.11.1 php7-xmlrpc-7.4.6-3.11.1 php7-xmlrpc-debuginfo-7.4.6-3.11.1 php7-xmlwriter-7.4.6-3.11.1 php7-xmlwriter-debuginfo-7.4.6-3.11.1 php7-xsl-7.4.6-3.11.1 php7-xsl-debuginfo-7.4.6-3.11.1 php7-zip-7.4.6-3.11.1 php7-zip-debuginfo-7.4.6-3.11.1 php7-zlib-7.4.6-3.11.1 php7-zlib-debuginfo-7.4.6-3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.11.1 php7-debugsource-7.4.6-3.11.1 php7-embed-7.4.6-3.11.1 php7-embed-debuginfo-7.4.6-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-7069.html https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1177351 https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Fri Oct 16 07:19:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Oct 2020 15:19:50 +0200 (CEST) Subject: SUSE-SU-2020:2943-1: important: Security update for php72 Message-ID: <20201016131950.9BD98FFA8@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2943-1 Rating: important References: #1173786 #1177351 #1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php72 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2943=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2943=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.54.1 php72-debugsource-7.2.5-1.54.1 php72-devel-7.2.5-1.54.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.54.1 apache2-mod_php72-debuginfo-7.2.5-1.54.1 php72-7.2.5-1.54.1 php72-bcmath-7.2.5-1.54.1 php72-bcmath-debuginfo-7.2.5-1.54.1 php72-bz2-7.2.5-1.54.1 php72-bz2-debuginfo-7.2.5-1.54.1 php72-calendar-7.2.5-1.54.1 php72-calendar-debuginfo-7.2.5-1.54.1 php72-ctype-7.2.5-1.54.1 php72-ctype-debuginfo-7.2.5-1.54.1 php72-curl-7.2.5-1.54.1 php72-curl-debuginfo-7.2.5-1.54.1 php72-dba-7.2.5-1.54.1 php72-dba-debuginfo-7.2.5-1.54.1 php72-debuginfo-7.2.5-1.54.1 php72-debugsource-7.2.5-1.54.1 php72-dom-7.2.5-1.54.1 php72-dom-debuginfo-7.2.5-1.54.1 php72-enchant-7.2.5-1.54.1 php72-enchant-debuginfo-7.2.5-1.54.1 php72-exif-7.2.5-1.54.1 php72-exif-debuginfo-7.2.5-1.54.1 php72-fastcgi-7.2.5-1.54.1 php72-fastcgi-debuginfo-7.2.5-1.54.1 php72-fileinfo-7.2.5-1.54.1 php72-fileinfo-debuginfo-7.2.5-1.54.1 php72-fpm-7.2.5-1.54.1 php72-fpm-debuginfo-7.2.5-1.54.1 php72-ftp-7.2.5-1.54.1 php72-ftp-debuginfo-7.2.5-1.54.1 php72-gd-7.2.5-1.54.1 php72-gd-debuginfo-7.2.5-1.54.1 php72-gettext-7.2.5-1.54.1 php72-gettext-debuginfo-7.2.5-1.54.1 php72-gmp-7.2.5-1.54.1 php72-gmp-debuginfo-7.2.5-1.54.1 php72-iconv-7.2.5-1.54.1 php72-iconv-debuginfo-7.2.5-1.54.1 php72-imap-7.2.5-1.54.1 php72-imap-debuginfo-7.2.5-1.54.1 php72-intl-7.2.5-1.54.1 php72-intl-debuginfo-7.2.5-1.54.1 php72-json-7.2.5-1.54.1 php72-json-debuginfo-7.2.5-1.54.1 php72-ldap-7.2.5-1.54.1 php72-ldap-debuginfo-7.2.5-1.54.1 php72-mbstring-7.2.5-1.54.1 php72-mbstring-debuginfo-7.2.5-1.54.1 php72-mysql-7.2.5-1.54.1 php72-mysql-debuginfo-7.2.5-1.54.1 php72-odbc-7.2.5-1.54.1 php72-odbc-debuginfo-7.2.5-1.54.1 php72-opcache-7.2.5-1.54.1 php72-opcache-debuginfo-7.2.5-1.54.1 php72-openssl-7.2.5-1.54.1 php72-openssl-debuginfo-7.2.5-1.54.1 php72-pcntl-7.2.5-1.54.1 php72-pcntl-debuginfo-7.2.5-1.54.1 php72-pdo-7.2.5-1.54.1 php72-pdo-debuginfo-7.2.5-1.54.1 php72-pgsql-7.2.5-1.54.1 php72-pgsql-debuginfo-7.2.5-1.54.1 php72-phar-7.2.5-1.54.1 php72-phar-debuginfo-7.2.5-1.54.1 php72-posix-7.2.5-1.54.1 php72-posix-debuginfo-7.2.5-1.54.1 php72-pspell-7.2.5-1.54.1 php72-pspell-debuginfo-7.2.5-1.54.1 php72-readline-7.2.5-1.54.1 php72-readline-debuginfo-7.2.5-1.54.1 php72-shmop-7.2.5-1.54.1 php72-shmop-debuginfo-7.2.5-1.54.1 php72-snmp-7.2.5-1.54.1 php72-snmp-debuginfo-7.2.5-1.54.1 php72-soap-7.2.5-1.54.1 php72-soap-debuginfo-7.2.5-1.54.1 php72-sockets-7.2.5-1.54.1 php72-sockets-debuginfo-7.2.5-1.54.1 php72-sodium-7.2.5-1.54.1 php72-sodium-debuginfo-7.2.5-1.54.1 php72-sqlite-7.2.5-1.54.1 php72-sqlite-debuginfo-7.2.5-1.54.1 php72-sysvmsg-7.2.5-1.54.1 php72-sysvmsg-debuginfo-7.2.5-1.54.1 php72-sysvsem-7.2.5-1.54.1 php72-sysvsem-debuginfo-7.2.5-1.54.1 php72-sysvshm-7.2.5-1.54.1 php72-sysvshm-debuginfo-7.2.5-1.54.1 php72-tidy-7.2.5-1.54.1 php72-tidy-debuginfo-7.2.5-1.54.1 php72-tokenizer-7.2.5-1.54.1 php72-tokenizer-debuginfo-7.2.5-1.54.1 php72-wddx-7.2.5-1.54.1 php72-wddx-debuginfo-7.2.5-1.54.1 php72-xmlreader-7.2.5-1.54.1 php72-xmlreader-debuginfo-7.2.5-1.54.1 php72-xmlrpc-7.2.5-1.54.1 php72-xmlrpc-debuginfo-7.2.5-1.54.1 php72-xmlwriter-7.2.5-1.54.1 php72-xmlwriter-debuginfo-7.2.5-1.54.1 php72-xsl-7.2.5-1.54.1 php72-xsl-debuginfo-7.2.5-1.54.1 php72-zip-7.2.5-1.54.1 php72-zip-debuginfo-7.2.5-1.54.1 php72-zlib-7.2.5-1.54.1 php72-zlib-debuginfo-7.2.5-1.54.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.54.1 php72-pear-Archive_Tar-7.2.5-1.54.1 References: https://www.suse.com/security/cve/CVE-2020-7069.html https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1177351 https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Fri Oct 16 07:20:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Oct 2020 15:20:57 +0200 (CEST) Subject: SUSE-SU-2020:2942-1: Security update for blktrace Message-ID: <20201016132057.84580FFA8@maintenance.suse.de> SUSE Security Update: Security update for blktrace ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2942-1 Rating: low References: #1091942 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: blktrace was updated to fix a security issue: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2942=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): blktrace-1.0.5-8.5.74 blktrace-debuginfo-1.0.5-8.5.74 blktrace-debugsource-1.0.5-8.5.74 References: https://bugzilla.suse.com/1091942 From sle-security-updates at lists.suse.com Fri Oct 16 13:22:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Oct 2020 21:22:27 +0200 (CEST) Subject: SUSE-SU-2020:2947-1: moderate: Security update for gcc10, nvptx-tools Message-ID: <20201016192227.1F61AFFAB@maintenance.suse.de> SUSE Security Update: Security update for gcc10, nvptx-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2947-1 Rating: moderate References: #1172798 #1172846 #1173972 #1174753 #1174817 #1175168 ECO-2373 SLE-12297 Cross-References: CVE-2020-13844 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability, contains two features and has 5 fixes is now available. Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with "-10" suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2947=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2947=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2947=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2947=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libquadmath0-10.2.1+git583-1.3.4 libquadmath0-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Server for SAP 15 (x86_64): cross-nvptx-gcc10-10.2.1+git583-1.3.2 cross-nvptx-newlib10-devel-10.2.1+git583-1.3.2 gcc10-32bit-10.2.1+git583-1.3.4 gcc10-ada-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-32bit-10.2.1+git583-1.3.4 libquadmath0-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 nvptx-tools-1.0-4.3.2 nvptx-tools-debuginfo-1.0-4.3.2 nvptx-tools-debugsource-1.0-4.3.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): gcc10-info-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64): liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Server 15-LTSS (noarch): gcc10-info-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Server 15-LTSS (s390x): gcc10-32bit-10.2.1+git583-1.3.4 gcc10-ada-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): nvptx-tools-1.0-4.3.2 nvptx-tools-debuginfo-1.0-4.3.2 nvptx-tools-debugsource-1.0-4.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (s390x x86_64): gcc10-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64): cross-nvptx-gcc10-10.2.1+git583-1.3.2 cross-nvptx-newlib10-devel-10.2.1+git583-1.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): gcc10-info-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): gcc10-ada-32bit-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x): libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 x86_64): cross-nvptx-gcc10-10.2.1+git583-1.3.2 cross-nvptx-newlib10-devel-10.2.1+git583-1.3.2 nvptx-tools-1.0-4.3.2 nvptx-tools-debuginfo-1.0-4.3.2 nvptx-tools-debugsource-1.0-4.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (s390x x86_64): gcc10-32bit-10.2.1+git583-1.3.4 gcc10-ada-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc10-info-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (s390x): libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le x86_64): liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): libquadmath0-10.2.1+git583-1.3.4 libquadmath0-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x x86_64): libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-32bit-10.2.1+git583-1.3.4 libquadmath0-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le x86_64): liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le x86_64): libquadmath0-10.2.1+git583-1.3.4 libquadmath0-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x x86_64): libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libquadmath0-32bit-10.2.1+git583-1.3.4 libquadmath0-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cross-nvptx-gcc10-10.2.1+git583-1.3.2 cross-nvptx-newlib10-devel-10.2.1+git583-1.3.2 gcc10-32bit-10.2.1+git583-1.3.4 gcc10-ada-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-10.2.1+git583-1.3.4 libquadmath0-32bit-10.2.1+git583-1.3.4 libquadmath0-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 nvptx-tools-1.0-4.3.2 nvptx-tools-debuginfo-1.0-4.3.2 nvptx-tools-debugsource-1.0-4.3.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gcc10-info-10.2.1+git583-1.3.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cpp10-10.2.1+git583-1.3.4 cpp10-debuginfo-10.2.1+git583-1.3.4 gcc10-10.2.1+git583-1.3.4 gcc10-ada-10.2.1+git583-1.3.4 gcc10-ada-debuginfo-10.2.1+git583-1.3.4 gcc10-c++-10.2.1+git583-1.3.4 gcc10-c++-debuginfo-10.2.1+git583-1.3.4 gcc10-debuginfo-10.2.1+git583-1.3.4 gcc10-debugsource-10.2.1+git583-1.3.4 gcc10-fortran-10.2.1+git583-1.3.4 gcc10-fortran-debuginfo-10.2.1+git583-1.3.4 gcc10-go-10.2.1+git583-1.3.4 gcc10-go-debuginfo-10.2.1+git583-1.3.4 gcc10-locale-10.2.1+git583-1.3.4 libada10-10.2.1+git583-1.3.4 libada10-debuginfo-10.2.1+git583-1.3.4 libasan6-10.2.1+git583-1.3.4 libasan6-debuginfo-10.2.1+git583-1.3.4 libatomic1-10.2.1+git583-1.3.4 libatomic1-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-10.2.1+git583-1.3.4 libgcc_s1-debuginfo-10.2.1+git583-1.3.4 libgfortran5-10.2.1+git583-1.3.4 libgfortran5-debuginfo-10.2.1+git583-1.3.4 libgo16-10.2.1+git583-1.3.4 libgo16-debuginfo-10.2.1+git583-1.3.4 libgomp1-10.2.1+git583-1.3.4 libgomp1-debuginfo-10.2.1+git583-1.3.4 libitm1-10.2.1+git583-1.3.4 libitm1-debuginfo-10.2.1+git583-1.3.4 liblsan0-10.2.1+git583-1.3.4 liblsan0-debuginfo-10.2.1+git583-1.3.4 libstdc++6-10.2.1+git583-1.3.4 libstdc++6-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-10.2.1+git583-1.3.4 libtsan0-10.2.1+git583-1.3.4 libtsan0-debuginfo-10.2.1+git583-1.3.4 libubsan1-10.2.1+git583-1.3.4 libubsan1-debuginfo-10.2.1+git583-1.3.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cross-nvptx-gcc10-10.2.1+git583-1.3.2 cross-nvptx-newlib10-devel-10.2.1+git583-1.3.2 gcc10-32bit-10.2.1+git583-1.3.4 gcc10-ada-32bit-10.2.1+git583-1.3.4 gcc10-c++-32bit-10.2.1+git583-1.3.4 gcc10-fortran-32bit-10.2.1+git583-1.3.4 gcc10-go-32bit-10.2.1+git583-1.3.4 libada10-32bit-10.2.1+git583-1.3.4 libada10-32bit-debuginfo-10.2.1+git583-1.3.4 libasan6-32bit-10.2.1+git583-1.3.4 libasan6-32bit-debuginfo-10.2.1+git583-1.3.4 libatomic1-32bit-10.2.1+git583-1.3.4 libatomic1-32bit-debuginfo-10.2.1+git583-1.3.4 libgcc_s1-32bit-10.2.1+git583-1.3.4 libgcc_s1-32bit-debuginfo-10.2.1+git583-1.3.4 libgfortran5-32bit-10.2.1+git583-1.3.4 libgfortran5-32bit-debuginfo-10.2.1+git583-1.3.4 libgo16-32bit-10.2.1+git583-1.3.4 libgo16-32bit-debuginfo-10.2.1+git583-1.3.4 libgomp1-32bit-10.2.1+git583-1.3.4 libgomp1-32bit-debuginfo-10.2.1+git583-1.3.4 libitm1-32bit-10.2.1+git583-1.3.4 libitm1-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-10.2.1+git583-1.3.4 libquadmath0-32bit-10.2.1+git583-1.3.4 libquadmath0-32bit-debuginfo-10.2.1+git583-1.3.4 libquadmath0-debuginfo-10.2.1+git583-1.3.4 libstdc++6-32bit-10.2.1+git583-1.3.4 libstdc++6-32bit-debuginfo-10.2.1+git583-1.3.4 libstdc++6-devel-gcc10-32bit-10.2.1+git583-1.3.4 libstdc++6-locale-10.2.1+git583-1.3.4 libstdc++6-pp-gcc10-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-10.2.1+git583-1.3.4 libubsan1-32bit-debuginfo-10.2.1+git583-1.3.4 nvptx-tools-1.0-4.3.2 nvptx-tools-debuginfo-1.0-4.3.2 nvptx-tools-debugsource-1.0-4.3.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gcc10-info-10.2.1+git583-1.3.4 References: https://www.suse.com/security/cve/CVE-2020-13844.html https://bugzilla.suse.com/1172798 https://bugzilla.suse.com/1172846 https://bugzilla.suse.com/1173972 https://bugzilla.suse.com/1174753 https://bugzilla.suse.com/1174817 https://bugzilla.suse.com/1175168 From sle-security-updates at lists.suse.com Fri Oct 16 13:23:58 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 16 Oct 2020 21:23:58 +0200 (CEST) Subject: SUSE-SU-2020:2951-1: moderate: Security update for transfig Message-ID: <20201016192358.93590FFA8@maintenance.suse.de> SUSE Security Update: Security update for transfig ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2951-1 Rating: moderate References: #1143650 Cross-References: CVE-2019-14275 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for transfig fixes the following issues: Security issue fixed: - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2951=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2951=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): transfig-3.2.6a-4.9.113 transfig-debuginfo-3.2.6a-4.9.113 transfig-debugsource-3.2.6a-4.9.113 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): transfig-3.2.6a-4.9.113 transfig-debuginfo-3.2.6a-4.9.113 transfig-debugsource-3.2.6a-4.9.113 References: https://www.suse.com/security/cve/CVE-2019-14275.html https://bugzilla.suse.com/1143650 From sle-security-updates at lists.suse.com Sat Oct 17 00:20:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 17 Oct 2020 08:20:12 +0200 (CEST) Subject: SUSE-CU-2020:551-1: Security update of suse/sle15 Message-ID: <20201017062012.E988BFFAB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:551-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.281 Container Release : 4.22.281 Severity : moderate Type : security References : 1172798 1172846 1173972 1174753 1174817 1175168 CVE-2020-13844 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 From sle-security-updates at lists.suse.com Sat Oct 17 00:31:21 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 17 Oct 2020 08:31:21 +0200 (CEST) Subject: SUSE-CU-2020:552-1: Security update of suse/sle15 Message-ID: <20201017063121.CD944FFAB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:552-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.325 Container Release : 6.2.325 Severity : moderate Type : security References : 1172798 1172846 1173972 1174753 1174817 1175168 CVE-2020-13844 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 From sle-security-updates at lists.suse.com Sat Oct 17 00:35:02 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 17 Oct 2020 08:35:02 +0200 (CEST) Subject: SUSE-CU-2020:553-1: Security update of suse/sle15 Message-ID: <20201017063502.BE2D4FFAB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:553-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.770 Container Release : 8.2.770 Severity : moderate Type : security References : 1172798 1172846 1173972 1174753 1174817 1175168 CVE-2020-13844 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 From sle-security-updates at lists.suse.com Mon Oct 19 03:42:32 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 19 Oct 2020 11:42:32 +0200 (CEST) Subject: SUSE-IU-2020:108-1: Security update of suse-sles-15-sp2-chost-byos-v20201016-gen2 Message-ID: <20201019094232.A9DC3FFA2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20201016-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:108-1 Image Tags : suse-sles-15-sp2-chost-byos-v20201016-gen2:20201016 Image Release : Severity : important Type : security References : 1011548 1027519 1055186 1058115 1065600 1065729 1094244 1100369 1109160 1116957 1118367 1118368 1125043 1128220 1136666 1139837 1152148 1152472 1152489 1152930 1153274 1153943 1153946 1154353 1155518 1155798 1156205 1156395 1157051 1161168 1161239 1161923 1165424 1165786 1167527 1170232 1170347 1170667 1170713 1170774 1171000 1171068 1171073 1171313 1171558 1171688 1171740 1171742 1171762 1172157 1172419 1172429 1172757 1172873 1172958 1173017 1173060 1173060 1173064 1173104 1173115 1173267 1173273 1173307 1173311 1173433 1173470 1173529 1173746 1173799 1173983 1174029 1174079 1174110 1174111 1174240 1174358 1174386 1174477 1174484 1174486 1174561 1174641 1174863 1174899 1174918 1175110 1175263 1175281 1175342 1175370 1175441 1175443 1175568 1175592 1175667 1175718 1175749 1175787 1175844 1175882 1175952 1175989 1175996 1175997 1175998 1175999 1176000 1176001 1176019 1176022 1176038 1176063 1176086 1176092 1176137 1176181 1176235 1176236 1176237 1176242 1176278 1176339 1176341 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 1176357 1176358 1176359 1176360 1176361 1176362 1176363 1176364 1176365 1176366 1176367 1176381 1176410 1176423 1176449 1176482 1176486 1176494 1176507 1176536 1176537 1176538 1176539 1176540 1176541 1176542 1176544 1176545 1176546 1176548 1176558 1176559 1176579 1176587 1176588 1176644 1176659 1176670 1176671 1176674 1176698 1176699 1176700 1176721 1176722 1176725 1176732 1176759 1176763 1176775 1176788 1176789 1176833 1176869 1176877 1176925 1176962 1176980 1176990 1177021 1177030 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14342 CVE-2020-14364 CVE-2020-14385 CVE-2020-14390 CVE-2020-1472 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219 CVE-2020-25284 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-26088 CVE-2020-26154 CVE-2020-8027 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20201016-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2730-1 Released: Wed Sep 23 16:35:31 2020 Summary: Security update for samba Type: security Severity: important References: 1176579,CVE-2020-1472 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install 'test_util_paths'; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2779-1 Released: Tue Sep 29 11:27:35 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2781-1 Released: Tue Sep 29 11:29:34 2020 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1173799 This update for openssh fixes the following issues: - This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. (bsc#1173799). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2791-1 Released: Tue Sep 29 14:13:44 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2796-1 Released: Tue Sep 29 14:30:55 2020 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1116957 This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2877-1 Released: Wed Oct 7 14:43:20 2020 Summary: Security update for qemu Type: security Severity: important References: 1174386,1174641,1174863,1175370,1175441,1176494,CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2879-1 Released: Thu Oct 8 15:05:03 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CV E-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-26088 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2890-1 Released: Mon Oct 12 11:07:00 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1125043,1139837,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 This update for multipath-tools fixes the following issues: - Fixed an issue where mapping two WWID's to the same multipath led to a data corruption (bsc#1172429) - Improved logging of some failure cases (bsc#1173060, bsc#1173064) - Limited the PRIN allocation length to 8192 bytes (bsc#1165786) - Added '-e' option to enable foreign libraries (bsc#1139837) - Fixed an issue when handling synthetic uevents (bsc#1161923) - Fix handling of hardware properties for maps without paths (bsc#1176644) - Fixed an issue where all paths were dropped from a storage array (bsc#1125043) - Fixed handling of incompletely initialized udev devices (bsc#1172157) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2936-1 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1175281 This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) From sle-security-updates at lists.suse.com Mon Oct 19 03:43:21 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 19 Oct 2020 11:43:21 +0200 (CEST) Subject: SUSE-IU-2020:109-1: Security update of suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64 Message-ID: <20201019094321.E1593FFA2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:109-1 Image Tags : suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64:20201016 Image Release : Severity : important Type : security References : 1011548 1027519 1055186 1058115 1065600 1065729 1094244 1100369 1109160 1118367 1118368 1125043 1128220 1136666 1139837 1152148 1152472 1152489 1152930 1153274 1153943 1153946 1154353 1155518 1155798 1156205 1156395 1157051 1161168 1161239 1161923 1165424 1165786 1167527 1170232 1170347 1170667 1170713 1170774 1171000 1171068 1171073 1171313 1171558 1171688 1171740 1171742 1171762 1172157 1172419 1172429 1172757 1172873 1172958 1173017 1173060 1173060 1173064 1173104 1173115 1173267 1173273 1173307 1173311 1173433 1173470 1173529 1173746 1173799 1173983 1174029 1174079 1174110 1174111 1174240 1174358 1174386 1174477 1174484 1174486 1174561 1174641 1174863 1174899 1174918 1175110 1175263 1175281 1175342 1175370 1175441 1175443 1175568 1175592 1175667 1175718 1175749 1175787 1175844 1175882 1175952 1175989 1175996 1175997 1175998 1175999 1176000 1176001 1176019 1176022 1176038 1176063 1176086 1176092 1176137 1176181 1176235 1176236 1176237 1176242 1176278 1176339 1176341 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 1176357 1176358 1176359 1176360 1176361 1176362 1176363 1176364 1176365 1176366 1176367 1176381 1176410 1176423 1176449 1176482 1176486 1176494 1176507 1176536 1176537 1176538 1176539 1176540 1176541 1176542 1176544 1176545 1176546 1176548 1176558 1176559 1176579 1176587 1176588 1176644 1176659 1176670 1176671 1176674 1176698 1176699 1176700 1176721 1176722 1176725 1176732 1176759 1176763 1176775 1176788 1176789 1176833 1176869 1176877 1176925 1176962 1176980 1176990 1177021 1177030 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14342 CVE-2020-14364 CVE-2020-14385 CVE-2020-14390 CVE-2020-1472 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219 CVE-2020-25284 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-26088 CVE-2020-26154 CVE-2020-8027 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2730-1 Released: Wed Sep 23 16:35:31 2020 Summary: Security update for samba Type: security Severity: important References: 1176579,CVE-2020-1472 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install 'test_util_paths'; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2779-1 Released: Tue Sep 29 11:27:35 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2781-1 Released: Tue Sep 29 11:29:34 2020 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1173799 This update for openssh fixes the following issues: - This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. (bsc#1173799). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2791-1 Released: Tue Sep 29 14:13:44 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2877-1 Released: Wed Oct 7 14:43:20 2020 Summary: Security update for qemu Type: security Severity: important References: 1174386,1174641,1174863,1175370,1175441,1176494,CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2879-1 Released: Thu Oct 8 15:05:03 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CV E-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-26088 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2890-1 Released: Mon Oct 12 11:07:00 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1125043,1139837,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 This update for multipath-tools fixes the following issues: - Fixed an issue where mapping two WWID's to the same multipath led to a data corruption (bsc#1172429) - Improved logging of some failure cases (bsc#1173060, bsc#1173064) - Limited the PRIN allocation length to 8192 bytes (bsc#1165786) - Added '-e' option to enable foreign libraries (bsc#1139837) - Fixed an issue when handling synthetic uevents (bsc#1161923) - Fix handling of hardware properties for maps without paths (bsc#1176644) - Fixed an issue where all paths were dropped from a storage array (bsc#1125043) - Fixed handling of incompletely initialized udev devices (bsc#1172157) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2936-1 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1175281 This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) From sle-security-updates at lists.suse.com Mon Oct 19 03:44:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 19 Oct 2020 11:44:12 +0200 (CEST) Subject: SUSE-IU-2020:110-1: Security update of sles-15-sp2-chost-byos-v20201016 Message-ID: <20201019094412.EA3F1FFA2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20201016 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:110-1 Image Tags : sles-15-sp2-chost-byos-v20201016:20201016 Image Release : Severity : important Type : security References : 1011548 1027519 1055186 1058115 1065600 1065729 1094244 1100369 1109160 1118367 1118368 1125043 1128220 1136666 1139837 1152148 1152472 1152489 1152930 1153274 1153943 1153946 1154353 1155518 1155798 1156205 1156395 1157051 1161168 1161239 1161923 1165424 1165786 1167527 1170232 1170347 1170667 1170713 1170774 1171000 1171068 1171073 1171313 1171558 1171688 1171740 1171742 1171762 1172157 1172419 1172429 1172757 1172873 1172958 1173017 1173060 1173060 1173064 1173104 1173115 1173267 1173273 1173307 1173311 1173433 1173470 1173529 1173746 1173799 1173983 1174029 1174079 1174110 1174111 1174240 1174358 1174386 1174477 1174484 1174486 1174561 1174641 1174863 1174899 1174918 1175110 1175263 1175281 1175342 1175370 1175441 1175443 1175568 1175592 1175667 1175718 1175749 1175787 1175844 1175882 1175952 1175989 1175996 1175997 1175998 1175999 1176000 1176001 1176019 1176022 1176038 1176063 1176086 1176092 1176137 1176181 1176235 1176236 1176237 1176242 1176278 1176339 1176341 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 1176357 1176358 1176359 1176360 1176361 1176362 1176363 1176364 1176365 1176366 1176367 1176381 1176410 1176423 1176449 1176482 1176486 1176494 1176507 1176536 1176537 1176538 1176539 1176540 1176541 1176542 1176544 1176545 1176546 1176548 1176558 1176559 1176579 1176587 1176588 1176644 1176659 1176670 1176671 1176674 1176698 1176699 1176700 1176721 1176722 1176725 1176732 1176759 1176763 1176775 1176788 1176789 1176833 1176869 1176877 1176925 1176962 1176980 1176990 1177021 1177030 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14342 CVE-2020-14364 CVE-2020-14385 CVE-2020-14390 CVE-2020-1472 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219 CVE-2020-25284 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 CVE-2020-26088 CVE-2020-26154 CVE-2020-8027 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20201016 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2729-1 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1152930,1174477,CVE-2020-14342 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2730-1 Released: Wed Sep 23 16:35:31 2020 Summary: Security update for samba Type: security Severity: important References: 1176579,CVE-2020-1472 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install 'test_util_paths'; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2757-1 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1173104 This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2779-1 Released: Tue Sep 29 11:27:35 2020 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1173433 This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2781-1 Released: Tue Sep 29 11:29:34 2020 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1173799 This update for openssh fixes the following issues: - This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. (bsc#1173799). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2791-1 Released: Tue Sep 29 14:13:44 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2863-1 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Type: recommended Severity: moderate References: 1175989 This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2877-1 Released: Wed Oct 7 14:43:20 2020 Summary: Security update for qemu Type: security Severity: important References: 1174386,1174641,1174863,1175370,1175441,1176494,CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352 This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370). - Allow to IPL secure guests with -no-reboot (bsc#1174863) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2879-1 Released: Thu Oct 8 15:05:03 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CV E-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-26088 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137). The following non-security bugs were fixed: - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes). - ALSA: hda: hdmi - add Rocketlake support (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes). - ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes). - ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes). - arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833). - ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes). - ASoC: img-parallel-out: Fix a reference count leak (git-fixes). - ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes). - ASoC: qcom: common: Fix refcount imbalance on error (git-fixes). - ASoC: qcom: Set card->owner to avoid warnings (git-fixes). - ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: Fix own OGM check in aggregated OGMs (git-fixes). - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021). - bnxt: do not enable NAPI until rings are ready (git-fixes). - bnxt_en: Check for zero dir entries in NVRAM (git-fixes). - bnxt_en: Do not query FW when netif_running() is false (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bnxt_en: fix HWRM error when querying VF temperature (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29). - bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29). - bonding: fix a potential double-unregister (git-fixes). - bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518). - bpf: map_seq_next should always increase position index (bsc#1155518). - btrfs: add a leak check for roots (bsc#1176019). - btrfs: add __cold attribute to more functions (bsc#1176019). - btrfs: add dedicated members for start and length of a block group (bsc#1176019). - btrfs: Add read_backup_root (bsc#1176019). - btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019). - btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019). - btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019). - btrfs: do not init a reloc root if we are not relocating (bsc#1176019). - btrfs: Do not use objectid_mutex during mount (bsc#1176019). - btrfs: drop block from cache on error in relocation (bsc#1176019). - btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019). - btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019). - btrfs: export and rename free_fs_info (bsc#1176019). - btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019). - btrfs: Factor out tree roots initialization during mount (bsc#1176019). - btrfs: fix setting last_trans for reloc roots (bsc#1176019). - btrfs: free more things in btrfs_free_fs_info (bsc#1176019). - btrfs: free the reloc_control in a consistent way (bsc#1176019). - btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019). - btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019). - btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019). - btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019). - btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019). - btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019). - btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019). - btrfs: hold a ref on the root in build_backref_tree (bsc#1176019). - btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019). - btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019). - btrfs: hold a ref on the root in create_subvol (bsc#1176019). - btrfs: hold a ref on the root in find_data_references (bsc#1176019). - btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019). - btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019). - btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019). - btrfs: hold a ref on the root in open_ctree (bsc#1176019). - btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019). - btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019). - btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019). - btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019). - btrfs: hold a ref on the root in search_ioctl (bsc#1176019). - btrfs: hold a ref on the root->reloc_root (bsc#1176019). - btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019). - btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019). - btrfs: implement full reflink support for inline extents (bsc#1176019). - btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019). - btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019). - btrfs: make the fs root init functions static (bsc#1176019). - btrfs: make the init of static elements in fs_info separate (bsc#1176019). - btrfs: move all reflink implementation code into its own file (bsc#1176019). - btrfs: move block_group_item::flags to block group (bsc#1176019). - btrfs: move block_group_item::used to block group (bsc#1176019). - btrfs: move fs_info init work into it's own helper function (bsc#1176019). - btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019). - btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019). - btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019). - btrfs: push grab_fs_root into read_fs_root (bsc#1176019). - btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019). - btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019). - btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019). - btrfs: remove embedded block_group_cache::item (bsc#1176019). - btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019). - btrfs: Remove unused next_root_backup function (bsc#1176019). - btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019). - btrfs: rename btrfs_block_group_cache (bsc#1176019). - btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019). - btrfs: rename extent buffer block group item accessors (bsc#1176019). - btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019). - btrfs: simplify inline extent handling when doing reflinks (bsc#1176019). - btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019). - btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - btrfs: unset reloc control if we fail to recover (bsc#1176019). - btrfs: use bool argument in free_root_pointers() (bsc#1176019). - btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019). - btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019). - ceph: do not allow setlease on cephfs (bsc#1176537). - ceph: fix potential mdsc use-after-free crash (bsc#1176538). - ceph: fix use-after-free for fsc->mdsc (bsc#1176539). - ceph: handle zero-length feature mask in session messages (bsc#1176540). - ceph: set sec_context xattr on symlink creation (bsc#1176541). - ceph: use frag's MDS in either mode (bsc#1176542). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: davinci: Use the correct size when allocating memory (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - crypto: ecdh - check validity of Z before export (bsc#1175718). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718). - crypto: dh - check validity of Z before export (bsc#1175718). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718). - cxgb4: fix thermal zone device registration (git-fixes). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - debugfs: Fix module state check condition (bsc#1173746). - debugfs: Fix module state check condition (git-fixes). - dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: acpi: Put the CSRT table after using it (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm: do not call report zones for more than the user requested (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu/gfx10: refine mgcg setting (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega20 swctf limit setting (git-fixes). - drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes). - drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes - drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes). - drm/sun4i: add missing put_device() call in (bsc#1152472) - drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472) - drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472) - drm/sun4i: Fix dsi dcs long write function (bsc#1152472) - drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489). - EDAC: Fix reference count leaks (bsc#1152489). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29). - epoll: atomically remove wait entry on wake up (bsc#1176236). - epoll: call final ep_events_available() check under the lock (bsc#1176237). - ext4: handle read only external journal device (bsc#1176063). - fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775). - HID: core: reformat and reduce hid_printk macros (bsc#1176775). - HID: core: Sanitize event code and type when mapping input (git-fixes). - HID: elan: Fix memleak in elan_input_configured (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes). - HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes). - HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes). - HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes). - include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes). - include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes). - include/linux/poison.h: remove obsolete comment (git-fixes). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - initramfs: remove clean_rootfs (git-fixes). - initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - iommu/amd: Do not force direct mapping when SME is active (bsc#1174358). - iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360). - iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361). - iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362). - iommu/vt-d: Handle non-page aligned address (bsc#1176367). - iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364). - iommu/vt-d: Support flushing more translation cache types (bsc#1176365). - ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08). - ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08). - ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08). - irqdomain/treewide: Free firmware node after domain removal (git-fixes). - irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes). - kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518). - libbpf: Fix readelf output parsing for Fedora (bsc#1155518). - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459). - lib/mpi: Add mpi_sub_ui() (bsc#1175718). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes). - mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)). - mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)). - mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08). - netfilter: ipset: Fix forceadd evaluation path (bsc#1176587). - net: Fix potential memory leak in proto_register() (networking-stable-20_08_15). - net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: sched: initialize with 0 before setting erspan md->u (bsc#1154353). - net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15). - net/smc: put slot when connection is killed (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08). - net/tls: Fix kmap usage (networking-stable-20_08_15). - net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64: mark emergency stacks valid to unwind (bsc#1156395). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436). - powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436). - powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436). - powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436). - powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935). - powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935). - powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935). - powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935). - powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935). - powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29). - RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017). - RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017). - RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774). - RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774). - RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017). - RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774). - RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes). - RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381). - regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - regulator: plug of_node leak in regulator_register()'s error path (git-fixes). - regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes). - regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - regulator: push allocations in create_regulator() outside of lock (git-fixes). - regulator: pwm: Fix machine constraints application (git-fixes). - regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package. - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449. - s390/dasd: fix inability to use DASD with DIAG driver (git-fixes). - s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes). - s390/maccess: add no DAT mode to kernel_write (bsc#1176449). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - s390/setup: init jump labels before command line parsing (git-fixes). - sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Check numa balancing information only when enabled (bsc#1176588). - sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes). - sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29). - sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - soundwire: fix double free of dangling pointer (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: stm32: always perform registers configuration prior to transfer (git-fixes). - spi: stm32: clear only asserted irq flags on interrupt (git-fixes). - spi: stm32: fix fifo threshold level in case of short transfer (git-fixes). - spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes). - spi: stm32h7: fix race condition at end of transfer (git-fixes). - taprio: Fix using wrong queues in gate mask (bsc#1154353). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15). - test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes). - thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tracing: fix double free (git-fixes). - Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019). - Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: typec: ucsi: Prevent mode overrun (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vfio-pci: Avoid recursive read-lock usage (bsc#1176366). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29). - vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08). - wireguard: noise: take lock when removing handshake entry from table (git-fixes). - wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes). - workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763). - x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489). - x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925). - x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925). - x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925). - x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2890-1 Released: Mon Oct 12 11:07:00 2020 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1125043,1139837,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670 This update for multipath-tools fixes the following issues: - Fixed an issue where mapping two WWID's to the same multipath led to a data corruption (bsc#1172429) - Improved logging of some failure cases (bsc#1173060, bsc#1173064) - Limited the PRIN allocation length to 8192 bytes (bsc#1165786) - Added '-e' option to enable foreign libraries (bsc#1139837) - Fixed an issue when handling synthetic uevents (bsc#1161923) - Fix handling of hardware properties for maps without paths (bsc#1176644) - Fixed an issue where all paths were dropped from a storage array (bsc#1125043) - Fixed handling of incompletely initialized udev devices (bsc#1172157) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2936-1 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1175281 This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) From sle-security-updates at lists.suse.com Tue Oct 20 13:14:55 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:14:55 +0200 (CEST) Subject: SUSE-SU-2020:2967-1: Security update for hunspell Message-ID: <20201020191455.53581FFAB@maintenance.suse.de> SUSE Security Update: Security update for hunspell ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2967-1 Rating: low References: #1151867 Cross-References: CVE-2019-16707 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2967=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2967=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): hunspell-debuginfo-1.3.2-19.3.1 hunspell-debugsource-1.3.2-19.3.1 hunspell-devel-1.3.2-19.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): hunspell-1.3.2-19.3.1 hunspell-debuginfo-1.3.2-19.3.1 hunspell-debugsource-1.3.2-19.3.1 hunspell-tools-1.3.2-19.3.1 hunspell-tools-debuginfo-1.3.2-19.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): hunspell-32bit-1.3.2-19.3.1 hunspell-debuginfo-32bit-1.3.2-19.3.1 References: https://www.suse.com/security/cve/CVE-2019-16707.html https://bugzilla.suse.com/1151867 From sle-security-updates at lists.suse.com Tue Oct 20 13:15:49 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:15:49 +0200 (CEST) Subject: SUSE-SU-2020:2972-1: critical: Security update for the Linux Kernel Message-ID: <20201020191549.04CE3FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2972-1 Rating: critical References: #1065729 #1140683 #1172538 #1174748 #1175520 #1176400 #1176946 #1177027 #1177340 #1177511 #1177685 #1177724 #1177725 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi-hisi-kabi-fixes.patch - scsi-hisi-kabi-fixes.patch - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2972=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 kernel-default-livepatch-4.12.14-197.64.1 kernel-default-livepatch-devel-4.12.14-197.64.1 kernel-livepatch-4_12_14-197_64-default-1-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1140683 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1174748 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177685 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 From sle-security-updates at lists.suse.com Tue Oct 20 13:17:54 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:17:54 +0200 (CEST) Subject: SUSE-SU-2020:2969-1: important: Security update for libvirt Message-ID: <20201020191754.877FCFFA8@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2969-1 Rating: important References: #1171701 #1174955 #1177155 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2969=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2969=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2969=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2969=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libvirt-4.0.0-9.35.1 libvirt-admin-4.0.0-9.35.1 libvirt-admin-debuginfo-4.0.0-9.35.1 libvirt-client-4.0.0-9.35.1 libvirt-client-debuginfo-4.0.0-9.35.1 libvirt-daemon-4.0.0-9.35.1 libvirt-daemon-config-network-4.0.0-9.35.1 libvirt-daemon-config-nwfilter-4.0.0-9.35.1 libvirt-daemon-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-interface-4.0.0-9.35.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-lxc-4.0.0-9.35.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-network-4.0.0-9.35.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-qemu-4.0.0-9.35.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-secret-4.0.0-9.35.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-hooks-4.0.0-9.35.1 libvirt-daemon-lxc-4.0.0-9.35.1 libvirt-daemon-qemu-4.0.0-9.35.1 libvirt-debugsource-4.0.0-9.35.1 libvirt-devel-4.0.0-9.35.1 libvirt-doc-4.0.0-9.35.1 libvirt-libs-4.0.0-9.35.1 libvirt-libs-debuginfo-4.0.0-9.35.1 libvirt-lock-sanlock-4.0.0-9.35.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.35.1 libvirt-nss-4.0.0-9.35.1 libvirt-nss-debuginfo-4.0.0-9.35.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.35.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.35.1 libvirt-daemon-xen-4.0.0-9.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libvirt-4.0.0-9.35.1 libvirt-admin-4.0.0-9.35.1 libvirt-admin-debuginfo-4.0.0-9.35.1 libvirt-client-4.0.0-9.35.1 libvirt-client-debuginfo-4.0.0-9.35.1 libvirt-daemon-4.0.0-9.35.1 libvirt-daemon-config-network-4.0.0-9.35.1 libvirt-daemon-config-nwfilter-4.0.0-9.35.1 libvirt-daemon-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-interface-4.0.0-9.35.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-lxc-4.0.0-9.35.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-network-4.0.0-9.35.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-qemu-4.0.0-9.35.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-secret-4.0.0-9.35.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-hooks-4.0.0-9.35.1 libvirt-daemon-lxc-4.0.0-9.35.1 libvirt-daemon-qemu-4.0.0-9.35.1 libvirt-debugsource-4.0.0-9.35.1 libvirt-devel-4.0.0-9.35.1 libvirt-doc-4.0.0-9.35.1 libvirt-libs-4.0.0-9.35.1 libvirt-libs-debuginfo-4.0.0-9.35.1 libvirt-lock-sanlock-4.0.0-9.35.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.35.1 libvirt-nss-4.0.0-9.35.1 libvirt-nss-debuginfo-4.0.0-9.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): libvirt-daemon-driver-storage-rbd-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libvirt-4.0.0-9.35.1 libvirt-admin-4.0.0-9.35.1 libvirt-admin-debuginfo-4.0.0-9.35.1 libvirt-client-4.0.0-9.35.1 libvirt-client-debuginfo-4.0.0-9.35.1 libvirt-daemon-4.0.0-9.35.1 libvirt-daemon-config-network-4.0.0-9.35.1 libvirt-daemon-config-nwfilter-4.0.0-9.35.1 libvirt-daemon-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-interface-4.0.0-9.35.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-lxc-4.0.0-9.35.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-network-4.0.0-9.35.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-qemu-4.0.0-9.35.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-secret-4.0.0-9.35.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-hooks-4.0.0-9.35.1 libvirt-daemon-lxc-4.0.0-9.35.1 libvirt-daemon-qemu-4.0.0-9.35.1 libvirt-debugsource-4.0.0-9.35.1 libvirt-devel-4.0.0-9.35.1 libvirt-doc-4.0.0-9.35.1 libvirt-libs-4.0.0-9.35.1 libvirt-libs-debuginfo-4.0.0-9.35.1 libvirt-lock-sanlock-4.0.0-9.35.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.35.1 libvirt-nss-4.0.0-9.35.1 libvirt-nss-debuginfo-4.0.0-9.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.35.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.35.1 libvirt-daemon-xen-4.0.0-9.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libvirt-4.0.0-9.35.1 libvirt-admin-4.0.0-9.35.1 libvirt-admin-debuginfo-4.0.0-9.35.1 libvirt-client-4.0.0-9.35.1 libvirt-client-debuginfo-4.0.0-9.35.1 libvirt-daemon-4.0.0-9.35.1 libvirt-daemon-config-network-4.0.0-9.35.1 libvirt-daemon-config-nwfilter-4.0.0-9.35.1 libvirt-daemon-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-interface-4.0.0-9.35.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-lxc-4.0.0-9.35.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-network-4.0.0-9.35.1 libvirt-daemon-driver-network-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-4.0.0-9.35.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-4.0.0-9.35.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-qemu-4.0.0-9.35.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-secret-4.0.0-9.35.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-4.0.0-9.35.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-4.0.0-9.35.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-4.0.0-9.35.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-4.0.0-9.35.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-4.0.0-9.35.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-4.0.0-9.35.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.35.1 libvirt-daemon-hooks-4.0.0-9.35.1 libvirt-daemon-lxc-4.0.0-9.35.1 libvirt-daemon-qemu-4.0.0-9.35.1 libvirt-debugsource-4.0.0-9.35.1 libvirt-devel-4.0.0-9.35.1 libvirt-doc-4.0.0-9.35.1 libvirt-libs-4.0.0-9.35.1 libvirt-libs-debuginfo-4.0.0-9.35.1 libvirt-lock-sanlock-4.0.0-9.35.1 libvirt-lock-sanlock-debuginfo-4.0.0-9.35.1 libvirt-nss-4.0.0-9.35.1 libvirt-nss-debuginfo-4.0.0-9.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libvirt-daemon-driver-libxl-4.0.0-9.35.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.35.1 libvirt-daemon-xen-4.0.0-9.35.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1171701 https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1177155 From sle-security-updates at lists.suse.com Tue Oct 20 13:19:03 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:19:03 +0200 (CEST) Subject: SUSE-SU-2020:2970-1: important: Security update for libvirt Message-ID: <20201020191903.72A01FFA8@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2970-1 Rating: important References: #1173157 #1174139 #1174955 #1175465 #1176430 #1177155 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Avoid stale capabilities cache host CPU or kernel command line changes (bsc#1173157). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Xen: Added support for passing arbitrary commands to the qemu device model, similar to the xl.cfg(5) device_model_args setting (bsc#1174139). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2970=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2970=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libvirt-6.0.0-13.8.1 libvirt-admin-6.0.0-13.8.1 libvirt-admin-debuginfo-6.0.0-13.8.1 libvirt-client-6.0.0-13.8.1 libvirt-client-debuginfo-6.0.0-13.8.1 libvirt-daemon-6.0.0-13.8.1 libvirt-daemon-config-network-6.0.0-13.8.1 libvirt-daemon-config-nwfilter-6.0.0-13.8.1 libvirt-daemon-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-interface-6.0.0-13.8.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-lxc-6.0.0-13.8.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-network-6.0.0-13.8.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-nodedev-6.0.0-13.8.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-nwfilter-6.0.0-13.8.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-qemu-6.0.0-13.8.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-secret-6.0.0-13.8.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-6.0.0-13.8.1 libvirt-daemon-driver-storage-core-6.0.0-13.8.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-disk-6.0.0-13.8.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.8.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-logical-6.0.0-13.8.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.8.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.8.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.8.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.8.1 libvirt-daemon-hooks-6.0.0-13.8.1 libvirt-daemon-lxc-6.0.0-13.8.1 libvirt-daemon-qemu-6.0.0-13.8.1 libvirt-debugsource-6.0.0-13.8.1 libvirt-devel-6.0.0-13.8.1 libvirt-lock-sanlock-6.0.0-13.8.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.8.1 libvirt-nss-6.0.0-13.8.1 libvirt-nss-debuginfo-6.0.0-13.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-6.0.0-13.8.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): libvirt-bash-completion-6.0.0-13.8.1 libvirt-doc-6.0.0-13.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.8.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.8.1 libvirt-daemon-xen-6.0.0-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-6.0.0-13.8.1 libvirt-libs-6.0.0-13.8.1 libvirt-libs-debuginfo-6.0.0-13.8.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1173157 https://bugzilla.suse.com/1174139 https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1175465 https://bugzilla.suse.com/1176430 https://bugzilla.suse.com/1177155 From sle-security-updates at lists.suse.com Tue Oct 20 13:21:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:21:23 +0200 (CEST) Subject: SUSE-SU-2020:2972-1: critical: Security update for the Linux Kernel Message-ID: <20201020192123.ADF77FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2972-1 Rating: critical References: #1065729 #1140683 #1172538 #1174748 #1175520 #1176400 #1176946 #1177027 #1177340 #1177511 #1177685 #1177724 #1177725 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). Refresh: - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi-hisi-kabi-fixes.patch - scsi-hisi-kabi-fixes.patch - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi-hisi_sas-Issue-internal-abort-on-all-relevant-q.patch - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2972=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2972=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2972=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2972=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2972=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2972=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 kernel-default-extra-4.12.14-197.64.1 kernel-default-extra-debuginfo-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 kernel-default-livepatch-4.12.14-197.64.1 kernel-default-livepatch-devel-4.12.14-197.64.1 kernel-livepatch-4_12_14-197_64-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 reiserfs-kmp-default-4.12.14-197.64.1 reiserfs-kmp-default-debuginfo-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.64.1 kernel-obs-build-debugsource-4.12.14-197.64.1 kernel-syms-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.64.1 kernel-source-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.64.1 kernel-default-base-4.12.14-197.64.1 kernel-default-base-debuginfo-4.12.14-197.64.1 kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 kernel-default-devel-4.12.14-197.64.1 kernel-default-devel-debuginfo-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.64.1 kernel-macros-4.12.14-197.64.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.64.1 kernel-zfcpdump-debuginfo-4.12.14-197.64.1 kernel-zfcpdump-debugsource-4.12.14-197.64.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.64.1 cluster-md-kmp-default-debuginfo-4.12.14-197.64.1 dlm-kmp-default-4.12.14-197.64.1 dlm-kmp-default-debuginfo-4.12.14-197.64.1 gfs2-kmp-default-4.12.14-197.64.1 gfs2-kmp-default-debuginfo-4.12.14-197.64.1 kernel-default-debuginfo-4.12.14-197.64.1 kernel-default-debugsource-4.12.14-197.64.1 ocfs2-kmp-default-4.12.14-197.64.1 ocfs2-kmp-default-debuginfo-4.12.14-197.64.1 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1140683 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1174748 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177685 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 From sle-security-updates at lists.suse.com Tue Oct 20 13:23:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:23:31 +0200 (CEST) Subject: SUSE-SU-2020:2968-1: Security update for taglib Message-ID: <20201020192331.424ADFFA8@maintenance.suse.de> SUSE Security Update: Security update for taglib ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2968-1 Rating: low References: #1096180 Cross-References: CVE-2018-11439 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for taglib fixes the following issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2968=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2968=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2968=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libtag1-32bit-1.9.1-3.4.18 libtag1-debuginfo-32bit-1.9.1-3.4.18 libtag_c0-32bit-1.9.1-3.4.18 libtag_c0-debuginfo-32bit-1.9.1-3.4.18 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtag-devel-1.9.1-3.4.18 taglib-debuginfo-1.9.1-3.4.18 taglib-debugsource-1.9.1-3.4.18 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtag1-1.9.1-3.4.18 libtag1-debuginfo-1.9.1-3.4.18 libtag_c0-1.9.1-3.4.18 libtag_c0-debuginfo-1.9.1-3.4.18 taglib-1.9.1-3.4.18 taglib-debuginfo-1.9.1-3.4.18 taglib-debugsource-1.9.1-3.4.18 References: https://www.suse.com/security/cve/CVE-2018-11439.html https://bugzilla.suse.com/1096180 From sle-security-updates at lists.suse.com Tue Oct 20 13:24:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Oct 2020 21:24:27 +0200 (CEST) Subject: SUSE-SU-2020:2966-1: Security update for hunspell Message-ID: <20201020192427.2B1A6FFA8@maintenance.suse.de> SUSE Security Update: Security update for hunspell ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2966-1 Rating: low References: #1151867 Cross-References: CVE-2019-16707 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2966=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2966=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-3.3.7 hunspell-debuginfo-1.6.2-3.3.7 hunspell-debugsource-1.6.2-3.3.7 hunspell-devel-1.6.2-3.3.7 hunspell-tools-1.6.2-3.3.7 hunspell-tools-debuginfo-1.6.2-3.3.7 libhunspell-1_6-0-1.6.2-3.3.7 libhunspell-1_6-0-debuginfo-1.6.2-3.3.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): hunspell-1.6.2-3.3.7 hunspell-debuginfo-1.6.2-3.3.7 hunspell-debugsource-1.6.2-3.3.7 hunspell-devel-1.6.2-3.3.7 hunspell-tools-1.6.2-3.3.7 hunspell-tools-debuginfo-1.6.2-3.3.7 libhunspell-1_6-0-1.6.2-3.3.7 libhunspell-1_6-0-debuginfo-1.6.2-3.3.7 References: https://www.suse.com/security/cve/CVE-2019-16707.html https://bugzilla.suse.com/1151867 From sle-security-updates at lists.suse.com Wed Oct 21 00:07:41 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 08:07:41 +0200 (CEST) Subject: SUSE-CU-2020:554-1: Security update of caasp/v4.5/cilium-etcd-operator Message-ID: <20201021060741.3E5F5FFAB@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium-etcd-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:554-1 Container Tags : caasp/v4.5/cilium-etcd-operator:2.0.5 , caasp/v4.5/cilium-etcd-operator:2.0.5-rev3 , caasp/v4.5/cilium-etcd-operator:2.0.5-rev3-build5.7.1 Container Release : 5.7.1 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1170667 1170713 1170964 1171313 1171740 1171762 1172195 1172798 1172824 1172846 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173972 1173983 1174079 1174154 1174240 1174551 1174561 1174736 1174753 1174817 1174918 1175109 1175168 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-13844 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container caasp/v4.5/cilium-etcd-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 From sle-security-updates at lists.suse.com Wed Oct 21 00:08:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 08:08:07 +0200 (CEST) Subject: SUSE-CU-2020:555-1: Security update of caasp/v4.5/cilium Message-ID: <20201021060807.341B0FFAB@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:555-1 Container Tags : caasp/v4.5/cilium:1.7.6 , caasp/v4.5/cilium:1.7.6-rev3 , caasp/v4.5/cilium:1.7.6-rev3-build5.7.1 Container Release : 5.7.1 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1165580 1167073 1170667 1170713 1170964 1171313 1171740 1171762 1172195 1172786 1172798 1172824 1172846 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173559 1173972 1173983 1174075 1174079 1174154 1174240 1174551 1174561 1174736 1174753 1174817 1174918 1175109 1175110 1175151 1175168 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1176752 1176753 1176754 1176755 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-13844 CVE-2020-15184 CVE-2020-15185 CVE-2020-15186 CVE-2020-15187 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8663 ----------------------------------------------------------------- The container caasp/v4.5/cilium was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2960-1 Released: Tue Oct 20 13:13:59 2020 Summary: Release Request for CaaSP 4.5.1 Type: recommended Severity: important References: 1167073,1173559,1174075,1175151,1176752,1176753,1176754,1176755,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-15184,CVE-2020-15185,CVE-2020-15186,CVE-2020-15187,CVE-2020-8663 Release Request for CaaSP 4.5.1 - Envoy/cilium-proxy/helm security updates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2965-1 Released: Tue Oct 20 13:27:21 2020 Summary: Recommended update for cni, cni-plugins Type: recommended Severity: moderate References: 1172786 This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2. From sle-security-updates at lists.suse.com Wed Oct 21 00:08:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 08:08:25 +0200 (CEST) Subject: SUSE-CU-2020:556-1: Security update of caasp/v4.5/cilium-operator Message-ID: <20201021060825.31D4EFFAB@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4.5/cilium-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:556-1 Container Tags : caasp/v4.5/cilium-operator:1.7.6 , caasp/v4.5/cilium-operator:1.7.6-rev3 , caasp/v4.5/cilium-operator:1.7.6-rev3-build5.7.1 Container Release : 5.7.1 Severity : important Type : security References : 1011548 1100369 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1156205 1157051 1158336 1161168 1161239 1165424 1167073 1170667 1170713 1170964 1171313 1171740 1171762 1172195 1172798 1172824 1172846 1172958 1173273 1173307 1173311 1173470 1173529 1173539 1173559 1173972 1173983 1174075 1174079 1174154 1174240 1174551 1174561 1174736 1174753 1174817 1174918 1175109 1175151 1175168 1175342 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176179 1176181 1176410 1176671 1176674 1176752 1176753 1176754 1176755 1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-13844 CVE-2020-15184 CVE-2020-15185 CVE-2020-15186 CVE-2020-15187 CVE-2020-15719 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219 CVE-2020-26154 CVE-2020-8027 CVE-2020-8231 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8663 ----------------------------------------------------------------- The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2864-1 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2901-1 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Type: security Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2960-1 Released: Tue Oct 20 13:13:59 2020 Summary: Release Request for CaaSP 4.5.1 Type: recommended Severity: important References: 1167073,1173559,1174075,1175151,1176752,1176753,1176754,1176755,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-15184,CVE-2020-15185,CVE-2020-15186,CVE-2020-15187,CVE-2020-8663 Release Request for CaaSP 4.5.1 - Envoy/cilium-proxy/helm security updates From sle-security-updates at lists.suse.com Wed Oct 21 10:18:48 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 18:18:48 +0200 (CEST) Subject: SUSE-SU-2020:2981-1: critical: Security update for the Linux Kernel Message-ID: <20201021161848.0F59EFFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2981-1 Rating: critical References: #1065729 #1140683 #1152624 #1172538 #1172757 #1174748 #1175520 #1176381 #1176400 #1176713 #1176946 #1177027 #1177340 #1177359 #1177511 #1177685 #1177687 #1177724 #1177725 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-25212 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bsc#1176381). The following non-security bugs were fixed: - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: fix incorrect updating of log root tree (bsc#1177687). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - ext4: fix dir_nlink behaviour (bsc#1177359). - i2c: meson: fix clock setting overwrite (git-fixes). - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - leds: mt6323: move period calculation (git-fixes). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)). - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)). - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)). - Move the upstreamed bluetooth fix into sorted section - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes). - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - tty: serial: earlycon dependency (git-fixes). - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2981=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2981=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2981=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2981=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 kernel-default-extra-4.12.14-122.46.1 kernel-default-extra-debuginfo-4.12.14-122.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.46.1 kernel-obs-build-debugsource-4.12.14-122.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.46.1 kernel-default-base-4.12.14-122.46.1 kernel-default-base-debuginfo-4.12.14-122.46.1 kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 kernel-default-devel-4.12.14-122.46.1 kernel-syms-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.46.1 kernel-macros-4.12.14-122.46.1 kernel-source-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.46.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.46.1 cluster-md-kmp-default-debuginfo-4.12.14-122.46.1 dlm-kmp-default-4.12.14-122.46.1 dlm-kmp-default-debuginfo-4.12.14-122.46.1 gfs2-kmp-default-4.12.14-122.46.1 gfs2-kmp-default-debuginfo-4.12.14-122.46.1 kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 ocfs2-kmp-default-4.12.14-122.46.1 ocfs2-kmp-default-debuginfo-4.12.14-122.46.1 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1140683 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172757 https://bugzilla.suse.com/1174748 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176713 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177359 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177685 https://bugzilla.suse.com/1177687 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 From sle-security-updates at lists.suse.com Wed Oct 21 10:24:03 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 18:24:03 +0200 (CEST) Subject: SUSE-SU-2020:2980-1: critical: Security update for the Linux Kernel Message-ID: <20201021162403.94C2EFFA6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2980-1 Rating: critical References: #1065600 #1065729 #1155798 #1165692 #1168468 #1171675 #1171688 #1174003 #1174098 #1175599 #1175621 #1175807 #1176019 #1176400 #1176907 #1176979 #1177090 #1177109 #1177121 #1177193 #1177194 #1177206 #1177258 #1177271 #1177283 #1177284 #1177285 #1177286 #1177297 #1177384 #1177511 #1177617 #1177681 #1177683 #1177687 #1177694 #1177697 #1177719 #1177724 #1177725 #1177726 #954532 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka "BleedingTooth" aka "BadVibes" (bsc#1177726). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - create Storage / NVMe subsection - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - crypto: picoxcell - Fix potential race condition bug (git-fixes). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files. - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (bsc#1177384). - drop Storage / bsc#1171688 subsection No effect on expanded tree. - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - hwmon: (mlxreg-fan) Fix double "Mellanox" (git-fixes). - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} (git-fixes). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: meson: fixup rate calculation with filter delay (git-fixes). - i2c: owl: Clear NACK and BUS error bits (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - ima: extend boot_aggregate with kernel measurements (bsc#1177617). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - kabi fix for NFS: Fix flexfiles read failover (git-fixes). - kabi: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules. - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - leds: mlxreg: Fix possible buffer overflow (git-fixes). - libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - media: camss: Fix a reference count leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar-vin: Fix a reference count leak (git-fixes). - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes). - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes). - media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" (git-fixes). - media: rockchip/rga: Fix a reference count leak (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes). - media: stm32-dcmi: Fix a reference count leak (git-fixes). - media: tc358743: cleanup tc358743_cec_isr (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Document asd allocation requirements (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: core: Rework wp-gpio handling (git-fixes). - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681). - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681). - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)). - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697). - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694). - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683). - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697). - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692). - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692). - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692). - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692). - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692). - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692). - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692). - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692). - Move upstreamed intel-vbtn patch into sorted section - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mt76: fix LED link time failure (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes). - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes). - NFS: Do not return layout segments that are in use (git-fixes). - NFS: ensure correct writeback errors are returned on close() (git-fixes). - NFS: Fix flexfiles read failover (git-fixes). - NFS: Fix security label length not being reset (bsc#1176381). - NFS: nfs_file_write() should check for writeback errors (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - nvme-multipath: retry commands for dying queues (bsc#1171688). - patches.suse/target-compare-and-write-backend-driver-sense-handli.patch: (bsc#1177719). - patches.suse/target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch (bsc#1177090). - patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch: (fate#318836, bsc#1177090). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688). - r8169: fix data corruption issue on RTL8402 (bsc#1174098). - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090). - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090). - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - regulator: axp20x: fix LDO2/4 description (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - rename Other drivers / Intel IOMMU subsection to IOMMU - Rename patches to the same name as in SLE15-SP3. - Rename scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch Fix typo in patch file name. - rtc: ds1374: fix possible race condition (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes). - spi: sprd: Release DMA channel also on probe deferral (git-fixes). - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes). - target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109). - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090). - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - virtio-net: do not disable guest csum when disable LRO (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xprtrdma: fix incorrect header size calculations (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2980=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2980=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 kernel-default-extra-5.3.18-24.29.2 kernel-default-extra-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 reiserfs-kmp-default-5.3.18-24.29.2 reiserfs-kmp-default-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.29.2 kernel-obs-build-debugsource-5.3.18-24.29.2 kernel-syms-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.29.2 kernel-preempt-debugsource-5.3.18-24.29.2 kernel-preempt-devel-5.3.18-24.29.2 kernel-preempt-devel-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.29.2 kernel-source-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.29.2 kernel-default-base-5.3.18-24.29.2.9.9.3 kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 kernel-default-devel-5.3.18-24.29.2 kernel-default-devel-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.29.2 kernel-preempt-debuginfo-5.3.18-24.29.2 kernel-preempt-debugsource-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.29.2 kernel-macros-5.3.18-24.29.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.29.2 cluster-md-kmp-default-debuginfo-5.3.18-24.29.2 dlm-kmp-default-5.3.18-24.29.2 dlm-kmp-default-debuginfo-5.3.18-24.29.2 gfs2-kmp-default-5.3.18-24.29.2 gfs2-kmp-default-debuginfo-5.3.18-24.29.2 kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 ocfs2-kmp-default-5.3.18-24.29.2 ocfs2-kmp-default-debuginfo-5.3.18-24.29.2 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-24490.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1165692 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174098 https://bugzilla.suse.com/1175599 https://bugzilla.suse.com/1175621 https://bugzilla.suse.com/1175807 https://bugzilla.suse.com/1176019 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176907 https://bugzilla.suse.com/1176979 https://bugzilla.suse.com/1177090 https://bugzilla.suse.com/1177109 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177193 https://bugzilla.suse.com/1177194 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177271 https://bugzilla.suse.com/1177283 https://bugzilla.suse.com/1177284 https://bugzilla.suse.com/1177285 https://bugzilla.suse.com/1177286 https://bugzilla.suse.com/1177297 https://bugzilla.suse.com/1177384 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177617 https://bugzilla.suse.com/1177681 https://bugzilla.suse.com/1177683 https://bugzilla.suse.com/1177687 https://bugzilla.suse.com/1177694 https://bugzilla.suse.com/1177697 https://bugzilla.suse.com/1177719 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 https://bugzilla.suse.com/1177726 https://bugzilla.suse.com/954532 From sle-security-updates at lists.suse.com Wed Oct 21 10:29:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 18:29:22 +0200 (CEST) Subject: SUSE-SU-2020:2980-1: critical: Security update for the Linux Kernel Message-ID: <20201021162922.D3F7DFFA6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2980-1 Rating: critical References: #1065600 #1065729 #1155798 #1165692 #1168468 #1171675 #1171688 #1174003 #1174098 #1175599 #1175621 #1175807 #1176019 #1176400 #1176907 #1176979 #1177090 #1177109 #1177121 #1177193 #1177194 #1177206 #1177258 #1177271 #1177283 #1177284 #1177285 #1177286 #1177297 #1177384 #1177511 #1177617 #1177681 #1177683 #1177687 #1177694 #1177697 #1177719 #1177724 #1177725 #1177726 #954532 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-24490 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka "BleedingTooth" aka "BadVibes" (bsc#1177726). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: Enable PCI write-combine resources under sysfs (bsc#1175807). - ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes). - ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes). - ata: ahci: mvebu: Make SATA PHY optional for Armada 3720 (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - brcmfmac: Fix double freeing in the fmac usb data path (git-fixes). - btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019). - btrfs: block-group: fix free-space bitmap threshold (bsc#1176019). - btrfs: block-group: refactor how we delete one block group item (bsc#1176019). - btrfs: block-group: refactor how we insert a block group item (bsc#1176019). - btrfs: block-group: refactor how we read one block group item (bsc#1176019). - btrfs: block-group: rename write_one_cache_group() (bsc#1176019). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: do not take an extra root ref at allocation time (bsc#1176019). - btrfs: drop logs when we've aborted a transaction (bsc#1176019). - btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019). - Btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: free block groups after free'ing fs trees (bsc#1176019). - btrfs: hold a ref on the root on the dead roots list (bsc#1176019). - btrfs: kill the subvol_srcu (bsc#1176019). - btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019). - btrfs: make inodes hold a ref on their roots (bsc#1176019). - btrfs: make the extent buffer leak check per fs info (bsc#1176019). - btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019). - btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019). - btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019). - btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes). - clk: tegra: Always program PLL_E when enabled (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes). - create Storage / NVMe subsection - crypto: algif_aead - Do not set MAY_BACKLOG on the async path (git-fixes). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - crypto: picoxcell - Fix potential race condition bug (git-fixes). - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA (git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files. - dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes). - dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (bsc#1177384). - drop Storage / bsc#1171688 subsection No effect on expanded tree. - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193). - gpio: mockup: fix resource leak in error path (git-fixes). - gpio: rcar: Fix runtime PM imbalance on error (git-fixes). - gpio: siox: explicitly support only threaded irqs (git-fixes). - gpio: sprd: Clear interrupt when setting the type as edge (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - hwmon: (applesmc) check status earlier (git-fixes). - hwmon: (mlxreg-fan) Fix double "Mellanox" (git-fixes). - hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} (git-fixes). - i2c: aspeed: Mask IRQ status to relevant bits (git-fixes). - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: i801: Exclude device from suspend direct complete optimization (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: meson: fixup rate calculation with filter delay (git-fixes). - i2c: owl: Clear NACK and BUS error bits (git-fixes). - i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes). - i2c: tegra: Restore pinmux on system resume (git-fixes). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio: adc: qcom-spmi-adc5: fix driver name (git-fixes). - ima: extend boot_aggregate with kernel measurements (bsc#1177617). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297). - iommu/amd: Fix potential @entry null deref (bsc#1177283). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - kabi fix for NFS: Fix flexfiles read failover (git-fixes). - kabi: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - kabi/severities: ignore kABI for target_core_rbd Match behaviour for all other Ceph specific modules. - kernel-binary.spec.in: Exclude .config.old from kernel-devel - use tar excludes for .kernel-binary.spec.buildenv - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - leds: mlxreg: Fix possible buffer overflow (git-fixes). - libceph-add-support-for-CMPEXT-compare-extent-reques.patch: (bsc#1177090). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: skip mpath lookup also for control port tx (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - media: camss: Fix a reference count leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: mc-device.c: fix memleak in media_device_register_entity (git-fixes). - media: mx2_emmaprp: Fix memleak in emmaprp_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: ov5640: Correct Bit Div register in clock tree diagram (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: rcar-csi2: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar-vin: Fix a reference count leak (git-fixes). - media: rc: do not access device via sysfs after rc_unregister_device() (git-fixes). - media: rc: uevent sysfs file races with rc_unregister_device() (git-fixes). - media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" (git-fixes). - media: rockchip/rga: Fix a reference count leak (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: staging/intel-ipu3: css: Correctly reset some memory (git-fixes). - media: stm32-dcmi: Fix a reference count leak (git-fixes). - media: tc358743: cleanup tc358743_cec_isr (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Document asd allocation requirements (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: call cond_resched() from deferred_init_memmap() (git fixes (mm/init), bsc#1177697). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: core: Rework wp-gpio handling (git-fixes). - mm, compaction: fully assume capture is not NULL in compact_zone_order() (git fixes (mm/compaction), bsc#1177681). - mm, compaction: make capture control handling safe wrt interrupts (git fixes (mm/compaction), bsc#1177681). - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mmc: sdhci: Add LTR support for some Intel BYT based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/debug.c: always print flags in dump_page() (git fixes (mm/debug)). - mm: initialize deferred pages with interrupts enabled (git fixes (mm/init), bsc#1177697). - mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() (bsc#1177694). - mm/migrate.c: also overwrite error when it is bigger than zero (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: report the number of non-attempted pages (git fixes (mm/move_pages), bsc#1177683). - mm: move_pages: return valid node id in status if the page is already on the target node (git fixes (mm/move_pages), bsc#1177683). - mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init (git fixes (mm/init), bsc#1177697). - mm, slab/slub: move and improve cache_from_obj() (mm/slub bsc#1165692). mm, slab/slub: improve error reporting and overhead of cache_from_obj() (mm/slub bsc#1165692). - mm, slub: extend checks guarded by slub_debug static key (mm/slub bsc#1165692). - mm, slub: extend slub_debug syntax for multiple blocks (mm/slub bsc#1165692). - mm, slub: introduce kmem_cache_debug_flags() (mm/slub bsc#1165692). - mm, slub: introduce static key for slub_debug() (mm/slub bsc#1165692). - mm, slub: make reclaim_account attribute read-only (mm/slub bsc#1165692). - mm, slub: make remaining slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: make some slub_debug related attributes read-only (mm/slub bsc#1165692). - mm, slub: remove runtime allocation order changes (mm/slub bsc#1165692). - mm, slub: restore initial kmem_cache flags (mm/slub bsc#1165692). - Move upstreamed intel-vbtn patch into sorted section - mt76: add missing locking around ampdu action (git-fixes). - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes). - mt76: do not use devm API for led classdev (git-fixes). - mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes). - mt76: fix LED link time failure (git-fixes). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes). - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes). - net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes). - nfsd4: fix NULL dereference in nfsd/clients display code (git-fixes). - NFS: Do not move layouts to plh_return_segs list while in use (git-fixes). - NFS: Do not return layout segments that are in use (git-fixes). - NFS: ensure correct writeback errors are returned on close() (git-fixes). - NFS: Fix flexfiles read failover (git-fixes). - NFS: Fix security label length not being reset (bsc#1176381). - NFS: nfs_file_write() should check for writeback errors (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - nvme-multipath: retry commands for dying queues (bsc#1171688). - patches.suse/target-compare-and-write-backend-driver-sense-handli.patch: (bsc#1177719). - patches.suse/target-rbd-detect-stripe_unit-SCSI-block-size-misali.patch (bsc#1177090). - patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch: (fate#318836, bsc#1177090). - PCI: Avoid double hpmemsize MMIO window assignment (git-fixes). - PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - PCI: tegra194: Fix runtime PM imbalance on error (git-fixes). - PCI: tegra: Fix runtime PM imbalance on error (git-fixes). - phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes). - pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes). - platform/x86: intel_pmc_core: do not create a static struct device (git-fixes). - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - pNFS/flexfiles: Ensure we initialise the mirror bsizes correctly on read (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - qla2xxx: Return EBUSY on fcport deletion (bsc#1171688). - r8169: fix data corruption issue on RTL8402 (bsc#1174098). - rbd-add-rbd_img_fill_cmp_and_write_from_bvecs.patch: (bsc#1177090). - rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch: (bsc#1177090). - RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request (bsc#1175621). - Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675). - regulator: axp20x: fix LDO2/4 description (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - rename Other drivers / Intel IOMMU subsection to IOMMU - Rename patches to the same name as in SLE15-SP3. - Rename scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch Fix typo in patch file name. - rtc: ds1374: fix possible race condition (git-fixes). - rtc: sa1100: fix possible race condition (git-fixes). - s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979). - sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add SLER and PI control support (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Performance tweak (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1171688 bsc#1174003). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: uartps: Wait for tx_empty in console setup (git-fixes). - spi: dw-pci: free previously allocated IRQs if desc->setup() fails (git-fixes). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - spi: omap2-mcspi: Improve performance waiting for CHSTAT (git-fixes). - spi: sprd: Release DMA channel also on probe deferral (git-fixes). - spi: stm32: Rate-limit the 'Communication suspended' message (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (git-fixes). - target-rbd-add-emulate_legacy_capacity-dev-attribute.patch: (bsc#1177109). - target-rbd-add-WRITE-SAME-support.patch: (bsc#1177090). - target-rbd-conditionally-fix-off-by-one-bug-in-get_b.patch: (bsc#1177109). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-rbd-fix-unmap-handling-with-unmap_zeroes_data.patch: (bsc#1177271). - thermal: rcar_thermal: Handle probe error gracefully (git-fixes). - Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979). - virtio-net: do not disable guest csum when disable LRO (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes). - wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xprtrdma: fix incorrect header size calculations (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2980=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2980=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2980=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 kernel-default-extra-5.3.18-24.29.2 kernel-default-extra-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 kernel-default-livepatch-5.3.18-24.29.2 kernel-default-livepatch-devel-5.3.18-24.29.2 kernel-livepatch-5_3_18-24_29-default-1-5.3.3 kernel-livepatch-5_3_18-24_29-default-debuginfo-1-5.3.3 kernel-livepatch-SLE15-SP2_Update_5-debugsource-1-5.3.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 reiserfs-kmp-default-5.3.18-24.29.2 reiserfs-kmp-default-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.29.2 kernel-obs-build-debugsource-5.3.18-24.29.2 kernel-syms-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.29.2 kernel-preempt-debugsource-5.3.18-24.29.2 kernel-preempt-devel-5.3.18-24.29.2 kernel-preempt-devel-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.29.2 kernel-source-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.29.2 kernel-default-base-5.3.18-24.29.2.9.9.3 kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 kernel-default-devel-5.3.18-24.29.2 kernel-default-devel-debuginfo-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.29.2 kernel-preempt-debuginfo-5.3.18-24.29.2 kernel-preempt-debugsource-5.3.18-24.29.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.29.2 kernel-macros-5.3.18-24.29.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.29.2 cluster-md-kmp-default-debuginfo-5.3.18-24.29.2 dlm-kmp-default-5.3.18-24.29.2 dlm-kmp-default-debuginfo-5.3.18-24.29.2 gfs2-kmp-default-5.3.18-24.29.2 gfs2-kmp-default-debuginfo-5.3.18-24.29.2 kernel-default-debuginfo-5.3.18-24.29.2 kernel-default-debugsource-5.3.18-24.29.2 ocfs2-kmp-default-5.3.18-24.29.2 ocfs2-kmp-default-debuginfo-5.3.18-24.29.2 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-24490.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1165692 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174098 https://bugzilla.suse.com/1175599 https://bugzilla.suse.com/1175621 https://bugzilla.suse.com/1175807 https://bugzilla.suse.com/1176019 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176907 https://bugzilla.suse.com/1176979 https://bugzilla.suse.com/1177090 https://bugzilla.suse.com/1177109 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177193 https://bugzilla.suse.com/1177194 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177271 https://bugzilla.suse.com/1177283 https://bugzilla.suse.com/1177284 https://bugzilla.suse.com/1177285 https://bugzilla.suse.com/1177286 https://bugzilla.suse.com/1177297 https://bugzilla.suse.com/1177384 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177617 https://bugzilla.suse.com/1177681 https://bugzilla.suse.com/1177683 https://bugzilla.suse.com/1177687 https://bugzilla.suse.com/1177694 https://bugzilla.suse.com/1177697 https://bugzilla.suse.com/1177719 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 https://bugzilla.suse.com/1177726 https://bugzilla.suse.com/954532 From sle-security-updates at lists.suse.com Wed Oct 21 10:34:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 18:34:38 +0200 (CEST) Subject: SUSE-SU-2020:2981-1: critical: Security update for the Linux Kernel Message-ID: <20201021163438.9AD29FFA6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2981-1 Rating: critical References: #1065729 #1140683 #1152624 #1172538 #1172757 #1174748 #1175520 #1176381 #1176400 #1176713 #1176946 #1177027 #1177340 #1177359 #1177511 #1177685 #1177687 #1177724 #1177725 Cross-References: CVE-2020-12351 CVE-2020-12352 CVE-2020-25212 CVE-2020-25645 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka "BleedingTooth" aka "BadChoice" (bsc#1177725). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bsc#1176381). The following non-security bugs were fixed: - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: fix incorrect updating of log root tree (bsc#1177687). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - ext4: fix dir_nlink behaviour (bsc#1177359). - i2c: meson: fix clock setting overwrite (git-fixes). - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - leds: mt6323: move period calculation (git-fixes). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)). - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)). - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)). - Move the upstreamed bluetooth fix into sorted section - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes). - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - tty: serial: earlycon dependency (git-fixes). - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2981=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2981=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2981=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2981=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2981=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 kernel-default-extra-4.12.14-122.46.1 kernel-default-extra-debuginfo-4.12.14-122.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.46.1 kernel-obs-build-debugsource-4.12.14-122.46.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.46.1 kernel-default-base-4.12.14-122.46.1 kernel-default-base-debuginfo-4.12.14-122.46.1 kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 kernel-default-devel-4.12.14-122.46.1 kernel-syms-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.46.1 kernel-macros-4.12.14-122.46.1 kernel-source-4.12.14-122.46.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.46.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 kernel-default-kgraft-4.12.14-122.46.1 kernel-default-kgraft-devel-4.12.14-122.46.1 kgraft-patch-4_12_14-122_46-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.46.1 cluster-md-kmp-default-debuginfo-4.12.14-122.46.1 dlm-kmp-default-4.12.14-122.46.1 dlm-kmp-default-debuginfo-4.12.14-122.46.1 gfs2-kmp-default-4.12.14-122.46.1 gfs2-kmp-default-debuginfo-4.12.14-122.46.1 kernel-default-debuginfo-4.12.14-122.46.1 kernel-default-debugsource-4.12.14-122.46.1 ocfs2-kmp-default-4.12.14-122.46.1 ocfs2-kmp-default-debuginfo-4.12.14-122.46.1 References: https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25645.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1140683 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172757 https://bugzilla.suse.com/1174748 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176713 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177359 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/1177685 https://bugzilla.suse.com/1177687 https://bugzilla.suse.com/1177724 https://bugzilla.suse.com/1177725 From sle-security-updates at lists.suse.com Wed Oct 21 13:13:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 21 Oct 2020 21:13:40 +0200 (CEST) Subject: SUSE-SU-2020:2988-1: moderate: Security update for gnutls Message-ID: <20201021191340.0D78FFFAB@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2988-1 Rating: moderate References: #1176086 #1176181 #1176671 Cross-References: CVE-2020-24659 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2988=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2988=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2988=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2988=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2988=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gnutls-3.6.7-6.34.1 gnutls-debuginfo-3.6.7-6.34.1 gnutls-debugsource-3.6.7-6.34.1 libgnutls-devel-3.6.7-6.34.1 libgnutls30-3.6.7-6.34.1 libgnutls30-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-3.6.7-6.34.1 libgnutlsxx-devel-3.6.7-6.34.1 libgnutlsxx28-3.6.7-6.34.1 libgnutlsxx28-debuginfo-3.6.7-6.34.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libgnutls30-32bit-3.6.7-6.34.1 libgnutls30-32bit-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-32bit-3.6.7-6.34.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gnutls-3.6.7-6.34.1 gnutls-debuginfo-3.6.7-6.34.1 gnutls-debugsource-3.6.7-6.34.1 libgnutls-devel-3.6.7-6.34.1 libgnutls30-3.6.7-6.34.1 libgnutls30-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-3.6.7-6.34.1 libgnutlsxx-devel-3.6.7-6.34.1 libgnutlsxx28-3.6.7-6.34.1 libgnutlsxx28-debuginfo-3.6.7-6.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.34.1 gnutls-debuginfo-3.6.7-6.34.1 gnutls-debugsource-3.6.7-6.34.1 libgnutls-devel-3.6.7-6.34.1 libgnutls30-3.6.7-6.34.1 libgnutls30-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-3.6.7-6.34.1 libgnutlsxx-devel-3.6.7-6.34.1 libgnutlsxx28-3.6.7-6.34.1 libgnutlsxx28-debuginfo-3.6.7-6.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libgnutls30-32bit-3.6.7-6.34.1 libgnutls30-32bit-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-32bit-3.6.7-6.34.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gnutls-3.6.7-6.34.1 gnutls-debuginfo-3.6.7-6.34.1 gnutls-debugsource-3.6.7-6.34.1 libgnutls-devel-3.6.7-6.34.1 libgnutls30-3.6.7-6.34.1 libgnutls30-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-3.6.7-6.34.1 libgnutlsxx-devel-3.6.7-6.34.1 libgnutlsxx28-3.6.7-6.34.1 libgnutlsxx28-debuginfo-3.6.7-6.34.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libgnutls30-32bit-3.6.7-6.34.1 libgnutls30-32bit-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-32bit-3.6.7-6.34.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gnutls-3.6.7-6.34.1 gnutls-debuginfo-3.6.7-6.34.1 gnutls-debugsource-3.6.7-6.34.1 libgnutls-devel-3.6.7-6.34.1 libgnutls30-3.6.7-6.34.1 libgnutls30-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-3.6.7-6.34.1 libgnutlsxx-devel-3.6.7-6.34.1 libgnutlsxx28-3.6.7-6.34.1 libgnutlsxx28-debuginfo-3.6.7-6.34.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libgnutls30-32bit-3.6.7-6.34.1 libgnutls30-32bit-debuginfo-3.6.7-6.34.1 libgnutls30-hmac-32bit-3.6.7-6.34.1 References: https://www.suse.com/security/cve/CVE-2020-24659.html https://bugzilla.suse.com/1176086 https://bugzilla.suse.com/1176181 https://bugzilla.suse.com/1176671 From sle-security-updates at lists.suse.com Thu Oct 22 07:13:47 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 15:13:47 +0200 (CEST) Subject: SUSE-SU-2020:2996-1: moderate: Security update for tomcat Message-ID: <20201022131347.AD6A9FFAB@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2996-1 Rating: moderate References: #1172562 #1177582 Cross-References: CVE-2020-13943 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2996=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.50.1 tomcat-admin-webapps-9.0.36-3.50.1 tomcat-docs-webapp-9.0.36-3.50.1 tomcat-el-3_0-api-9.0.36-3.50.1 tomcat-javadoc-9.0.36-3.50.1 tomcat-jsp-2_3-api-9.0.36-3.50.1 tomcat-lib-9.0.36-3.50.1 tomcat-servlet-4_0-api-9.0.36-3.50.1 tomcat-webapps-9.0.36-3.50.1 References: https://www.suse.com/security/cve/CVE-2020-13943.html https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1177582 From sle-security-updates at lists.suse.com Thu Oct 22 07:14:44 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 15:14:44 +0200 (CEST) Subject: SUSE-SU-2020:2995-1: important: Security update for freetype2 Message-ID: <20201022131444.83802FFA8@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2995-1 Rating: important References: #1177914 Cross-References: CVE-2020-15999 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2995=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2995=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2995=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2995=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2995=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreetype6-32bit-2.10.1-4.8.1 libfreetype6-32bit-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ftdump-2.10.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreetype6-32bit-2.10.1-4.8.1 libfreetype6-32bit-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreetype6-32bit-2.10.1-4.8.1 libfreetype6-32bit-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreetype6-32bit-2.10.1-4.8.1 libfreetype6-32bit-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): freetype2-debugsource-2.10.1-4.8.1 freetype2-devel-2.10.1-4.8.1 libfreetype6-2.10.1-4.8.1 libfreetype6-debuginfo-2.10.1-4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreetype6-32bit-2.10.1-4.8.1 libfreetype6-32bit-debuginfo-2.10.1-4.8.1 References: https://www.suse.com/security/cve/CVE-2020-15999.html https://bugzilla.suse.com/1177914 From sle-security-updates at lists.suse.com Thu Oct 22 07:16:42 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 15:16:42 +0200 (CEST) Subject: SUSE-SU-2020:2999-1: important: Security update for the Linux Kernel Message-ID: <20201022131642.1E158FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2999-1 Rating: important References: #1055186 #1058115 #1065600 #1065729 #1094244 #1112178 #1113956 #1136666 #1152148 #1154366 #1163524 #1165629 #1166965 #1167527 #1168468 #1169790 #1169972 #1170232 #1171558 #1171675 #1171688 #1171742 #1172073 #1172538 #1172873 #1173060 #1173115 #1174003 #1174354 #1174899 #1175228 #1175515 #1175520 #1175528 #1175667 #1175691 #1175716 #1175749 #1175873 #1175882 #1176011 #1176022 #1176038 #1176069 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176395 #1176410 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176946 #1176950 #1176962 #1176966 #1176990 #1177027 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 #1177340 #1177511 #802154 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14386 CVE-2020-14390 CVE-2020-1749 CVE-2020-2521 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 84 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2020-14386: Fixed a memory corruption which could have been exploited to gain root privileges from unprivileged processes (bsc#1176069). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). The following non-security bugs were fixed: - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - amd-xgbe: Add a check for an skb in the timestamp path (git-fixes). - amd-xgbe: Add additional dynamic debug messages (git-fixes). - amd-xgbe: Add additional ethtool statistics (git-fixes). - amd-xgbe: Add ethtool show/set channels support (git-fixes). - amd-xgbe: Add ethtool show/set ring parameter support (git-fixes). - amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes). - amd-xgbe: Add hardware features debug output (git-fixes). - amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes). - amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes). - amd-xgbe: Add per queue Tx and Rx statistics (git-fixes). - amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes). - amd-xgbe: Always attempt link training in KR mode (git-fixes). - amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes). - amd-xgbe: Convert to generic power management (git-fixes). - amd-xgbe: Fix debug output of max channel counts (git-fixes). - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes). - amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes). - amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes). - amd-xgbe: fix spelling mistake: "avialable" -> "available" (git-fixes). - amd-xgbe: Handle return code from software reset function (git-fixes). - amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes). - amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes). - amd-xgbe: Limit the I2C error messages that are output (git-fixes). - amd-xgbe: Mark expected switch fall-throughs (git-fixes). - amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes). - amd-xgbe: Prepare for ethtool set-channel support (git-fixes). - amd-xgbe: Read and save the port property registers during probe (git-fixes). - amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes). - amd-xgbe: remove unnecessary conversion to bool (git-fixes). - amd-xgbe: Remove use of comm_owned field (git-fixes). - amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes). - amd-xgbe: Simplify the burst length settings (git-fixes). - amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes). - amd-xgbe: use dma_mapping_error to check map errors (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (git-fixes). - amd-xgbe: Use the proper register during PTP initialization (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: Convert pr_<level> uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (git-fixes). - bonding: check return value of register_netdevice() in bond_newlink() (git-fixes). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on relocation tree (bsc#1174354). - btrfs: balance: print to system log when balance ends or is paused (bsc#1174354). - btrfs: relocation: allow signal to cancel balance (bsc#1174354). - btrfs: relocation: review the call sites which can be interrupted by signal (bsc#1174354). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1174354). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - constrants: fix malformed XML Closing tag of an element is "</foo>", not "<foo/>". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: dh - check validity of Z before export (bsc#1175716). - crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716). - crypto: ecdh - check validity of Z before export (bsc#1175716). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files. - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - Drivers: net: add missing interrupt.h include (git-fixes). - Drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - Drop wrongly inserted end-of-sorted marker - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - kernel-binary.spec.in: SLE12 tar does not understand --verbatim-files-from - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - lib/mpi: Add mpi_sub_ui() (bsc#1175716). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac802154: tx: fix use-after-free (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: 8390: Fix manufacturer name in Kconfig help text (git-fixes). - net: amd: fix return type of ndo_start_xmit function (git-fixes). - net/amd: Remove useless driver version (git-fixes). - net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes). - net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes). - net: apple: Fix manufacturer name in Kconfig help text (git-fixes). - net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - netvsc: unshare skb in VF rx handler (git-fixes). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include <asm/nmi.h> header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - Revert "ALSA: hda: Add support for Loongson 7A1000 controller" (git-fixes). - Revert "ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control" (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857" - Revert "rxrpc: Fix race between recvmsg and sendmsg on immediate call" This reverts commit 04f6b8ac00d839c61b79667685d97a5ecef35a93. We do not enable AF_RXRPC on SLE, but we do on openSUSE (arm 32bit -- why?) kernels. And there, it causes build failures as RXRPC_CALL_DISCONNECTED is not defined in 4.12 yet. So stay on the safe side and drop this. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "sign also s390x kernel images (bsc#1163524)" - Revert "sign also s390x kernel images (bsc#1163524)" - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers <aspiers at suse.com> - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: libfc: free skb when receiving invalid flogi resp (bsc#1175528). - scsi: libfc: Handling of extra kref (bsc#1175528). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1175528). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1175528). - scsi: libfc: Skip additional kref updating work event (bsc#1175528). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xgbe: no need to check return value of debugfs_create functions (git-fixes). - xgbe: switch to more generic VxLAN detection (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2999=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.19.1 dlm-kmp-rt-4.12.14-10.19.1 gfs2-kmp-rt-4.12.14-10.19.1 kernel-rt-4.12.14-10.19.1 kernel-rt-base-4.12.14-10.19.1 kernel-rt-devel-4.12.14-10.19.1 kernel-rt_debug-4.12.14-10.19.1 kernel-rt_debug-devel-4.12.14-10.19.1 kernel-syms-rt-4.12.14-10.19.1 ocfs2-kmp-rt-4.12.14-10.19.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.19.1 kernel-source-rt-4.12.14-10.19.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-2521.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-25645.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1168468 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171675 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174354 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1175528 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175716 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176069 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177511 https://bugzilla.suse.com/802154 From sle-security-updates at lists.suse.com Thu Oct 22 07:27:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 15:27:23 +0200 (CEST) Subject: SUSE-SU-2020:2998-1: important: Security update for freetype2 Message-ID: <20201022132723.89BFFFFA8@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2998-1 Rating: important References: #1177914 Cross-References: CVE-2020-15999 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2998=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2998=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2998=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2998=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2998=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2998=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2998=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2998=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2998=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2998=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2998=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2998=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2998=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2998=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2998=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2998=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2998=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE OpenStack Cloud 9 (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE OpenStack Cloud 8 (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE OpenStack Cloud 7 (s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 freetype2-devel-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 - SUSE Enterprise Storage 5 (x86_64): libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 - HPE Helion Openstack 8 (x86_64): freetype2-debugsource-2.6.3-7.18.1 ft2demos-2.6.3-7.18.1 libfreetype6-2.6.3-7.18.1 libfreetype6-32bit-2.6.3-7.18.1 libfreetype6-debuginfo-2.6.3-7.18.1 libfreetype6-debuginfo-32bit-2.6.3-7.18.1 References: https://www.suse.com/security/cve/CVE-2020-15999.html https://bugzilla.suse.com/1177914 From sle-security-updates at lists.suse.com Thu Oct 22 07:29:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 15:29:06 +0200 (CEST) Subject: SUSE-SU-2020:2997-1: important: Security update for php7 Message-ID: <20201022132906.294DCFFA8@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2997-1 Rating: important References: #1173786 #1177351 #1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2997=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2997=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2997=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2997=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2997=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2997=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_php7-7.2.5-4.67.2 apache2-mod_php7-debuginfo-7.2.5-4.67.2 php7-7.2.5-4.67.2 php7-bcmath-7.2.5-4.67.2 php7-bcmath-debuginfo-7.2.5-4.67.2 php7-bz2-7.2.5-4.67.2 php7-bz2-debuginfo-7.2.5-4.67.2 php7-calendar-7.2.5-4.67.2 php7-calendar-debuginfo-7.2.5-4.67.2 php7-ctype-7.2.5-4.67.2 php7-ctype-debuginfo-7.2.5-4.67.2 php7-curl-7.2.5-4.67.2 php7-curl-debuginfo-7.2.5-4.67.2 php7-dba-7.2.5-4.67.2 php7-dba-debuginfo-7.2.5-4.67.2 php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-devel-7.2.5-4.67.2 php7-dom-7.2.5-4.67.2 php7-dom-debuginfo-7.2.5-4.67.2 php7-enchant-7.2.5-4.67.2 php7-enchant-debuginfo-7.2.5-4.67.2 php7-exif-7.2.5-4.67.2 php7-exif-debuginfo-7.2.5-4.67.2 php7-fastcgi-7.2.5-4.67.2 php7-fastcgi-debuginfo-7.2.5-4.67.2 php7-fileinfo-7.2.5-4.67.2 php7-fileinfo-debuginfo-7.2.5-4.67.2 php7-fpm-7.2.5-4.67.2 php7-fpm-debuginfo-7.2.5-4.67.2 php7-ftp-7.2.5-4.67.2 php7-ftp-debuginfo-7.2.5-4.67.2 php7-gd-7.2.5-4.67.2 php7-gd-debuginfo-7.2.5-4.67.2 php7-gettext-7.2.5-4.67.2 php7-gettext-debuginfo-7.2.5-4.67.2 php7-gmp-7.2.5-4.67.2 php7-gmp-debuginfo-7.2.5-4.67.2 php7-iconv-7.2.5-4.67.2 php7-iconv-debuginfo-7.2.5-4.67.2 php7-intl-7.2.5-4.67.2 php7-intl-debuginfo-7.2.5-4.67.2 php7-json-7.2.5-4.67.2 php7-json-debuginfo-7.2.5-4.67.2 php7-ldap-7.2.5-4.67.2 php7-ldap-debuginfo-7.2.5-4.67.2 php7-mbstring-7.2.5-4.67.2 php7-mbstring-debuginfo-7.2.5-4.67.2 php7-mysql-7.2.5-4.67.2 php7-mysql-debuginfo-7.2.5-4.67.2 php7-odbc-7.2.5-4.67.2 php7-odbc-debuginfo-7.2.5-4.67.2 php7-opcache-7.2.5-4.67.2 php7-opcache-debuginfo-7.2.5-4.67.2 php7-openssl-7.2.5-4.67.2 php7-openssl-debuginfo-7.2.5-4.67.2 php7-pcntl-7.2.5-4.67.2 php7-pcntl-debuginfo-7.2.5-4.67.2 php7-pdo-7.2.5-4.67.2 php7-pdo-debuginfo-7.2.5-4.67.2 php7-pgsql-7.2.5-4.67.2 php7-pgsql-debuginfo-7.2.5-4.67.2 php7-phar-7.2.5-4.67.2 php7-phar-debuginfo-7.2.5-4.67.2 php7-posix-7.2.5-4.67.2 php7-posix-debuginfo-7.2.5-4.67.2 php7-readline-7.2.5-4.67.2 php7-readline-debuginfo-7.2.5-4.67.2 php7-shmop-7.2.5-4.67.2 php7-shmop-debuginfo-7.2.5-4.67.2 php7-snmp-7.2.5-4.67.2 php7-snmp-debuginfo-7.2.5-4.67.2 php7-soap-7.2.5-4.67.2 php7-soap-debuginfo-7.2.5-4.67.2 php7-sockets-7.2.5-4.67.2 php7-sockets-debuginfo-7.2.5-4.67.2 php7-sodium-7.2.5-4.67.2 php7-sodium-debuginfo-7.2.5-4.67.2 php7-sqlite-7.2.5-4.67.2 php7-sqlite-debuginfo-7.2.5-4.67.2 php7-sysvmsg-7.2.5-4.67.2 php7-sysvmsg-debuginfo-7.2.5-4.67.2 php7-sysvsem-7.2.5-4.67.2 php7-sysvsem-debuginfo-7.2.5-4.67.2 php7-sysvshm-7.2.5-4.67.2 php7-sysvshm-debuginfo-7.2.5-4.67.2 php7-tokenizer-7.2.5-4.67.2 php7-tokenizer-debuginfo-7.2.5-4.67.2 php7-wddx-7.2.5-4.67.2 php7-wddx-debuginfo-7.2.5-4.67.2 php7-xmlreader-7.2.5-4.67.2 php7-xmlreader-debuginfo-7.2.5-4.67.2 php7-xmlrpc-7.2.5-4.67.2 php7-xmlrpc-debuginfo-7.2.5-4.67.2 php7-xmlwriter-7.2.5-4.67.2 php7-xmlwriter-debuginfo-7.2.5-4.67.2 php7-xsl-7.2.5-4.67.2 php7-xsl-debuginfo-7.2.5-4.67.2 php7-zip-7.2.5-4.67.2 php7-zip-debuginfo-7.2.5-4.67.2 php7-zlib-7.2.5-4.67.2 php7-zlib-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): php7-pear-7.2.5-4.67.2 php7-pear-Archive_Tar-7.2.5-4.67.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_php7-7.2.5-4.67.2 apache2-mod_php7-debuginfo-7.2.5-4.67.2 php7-7.2.5-4.67.2 php7-bcmath-7.2.5-4.67.2 php7-bcmath-debuginfo-7.2.5-4.67.2 php7-bz2-7.2.5-4.67.2 php7-bz2-debuginfo-7.2.5-4.67.2 php7-calendar-7.2.5-4.67.2 php7-calendar-debuginfo-7.2.5-4.67.2 php7-ctype-7.2.5-4.67.2 php7-ctype-debuginfo-7.2.5-4.67.2 php7-curl-7.2.5-4.67.2 php7-curl-debuginfo-7.2.5-4.67.2 php7-dba-7.2.5-4.67.2 php7-dba-debuginfo-7.2.5-4.67.2 php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-devel-7.2.5-4.67.2 php7-dom-7.2.5-4.67.2 php7-dom-debuginfo-7.2.5-4.67.2 php7-enchant-7.2.5-4.67.2 php7-enchant-debuginfo-7.2.5-4.67.2 php7-exif-7.2.5-4.67.2 php7-exif-debuginfo-7.2.5-4.67.2 php7-fastcgi-7.2.5-4.67.2 php7-fastcgi-debuginfo-7.2.5-4.67.2 php7-fileinfo-7.2.5-4.67.2 php7-fileinfo-debuginfo-7.2.5-4.67.2 php7-fpm-7.2.5-4.67.2 php7-fpm-debuginfo-7.2.5-4.67.2 php7-ftp-7.2.5-4.67.2 php7-ftp-debuginfo-7.2.5-4.67.2 php7-gd-7.2.5-4.67.2 php7-gd-debuginfo-7.2.5-4.67.2 php7-gettext-7.2.5-4.67.2 php7-gettext-debuginfo-7.2.5-4.67.2 php7-gmp-7.2.5-4.67.2 php7-gmp-debuginfo-7.2.5-4.67.2 php7-iconv-7.2.5-4.67.2 php7-iconv-debuginfo-7.2.5-4.67.2 php7-intl-7.2.5-4.67.2 php7-intl-debuginfo-7.2.5-4.67.2 php7-json-7.2.5-4.67.2 php7-json-debuginfo-7.2.5-4.67.2 php7-ldap-7.2.5-4.67.2 php7-ldap-debuginfo-7.2.5-4.67.2 php7-mbstring-7.2.5-4.67.2 php7-mbstring-debuginfo-7.2.5-4.67.2 php7-mysql-7.2.5-4.67.2 php7-mysql-debuginfo-7.2.5-4.67.2 php7-odbc-7.2.5-4.67.2 php7-odbc-debuginfo-7.2.5-4.67.2 php7-opcache-7.2.5-4.67.2 php7-opcache-debuginfo-7.2.5-4.67.2 php7-openssl-7.2.5-4.67.2 php7-openssl-debuginfo-7.2.5-4.67.2 php7-pcntl-7.2.5-4.67.2 php7-pcntl-debuginfo-7.2.5-4.67.2 php7-pdo-7.2.5-4.67.2 php7-pdo-debuginfo-7.2.5-4.67.2 php7-pgsql-7.2.5-4.67.2 php7-pgsql-debuginfo-7.2.5-4.67.2 php7-phar-7.2.5-4.67.2 php7-phar-debuginfo-7.2.5-4.67.2 php7-posix-7.2.5-4.67.2 php7-posix-debuginfo-7.2.5-4.67.2 php7-readline-7.2.5-4.67.2 php7-readline-debuginfo-7.2.5-4.67.2 php7-shmop-7.2.5-4.67.2 php7-shmop-debuginfo-7.2.5-4.67.2 php7-snmp-7.2.5-4.67.2 php7-snmp-debuginfo-7.2.5-4.67.2 php7-soap-7.2.5-4.67.2 php7-soap-debuginfo-7.2.5-4.67.2 php7-sockets-7.2.5-4.67.2 php7-sockets-debuginfo-7.2.5-4.67.2 php7-sodium-7.2.5-4.67.2 php7-sodium-debuginfo-7.2.5-4.67.2 php7-sqlite-7.2.5-4.67.2 php7-sqlite-debuginfo-7.2.5-4.67.2 php7-sysvmsg-7.2.5-4.67.2 php7-sysvmsg-debuginfo-7.2.5-4.67.2 php7-sysvsem-7.2.5-4.67.2 php7-sysvsem-debuginfo-7.2.5-4.67.2 php7-sysvshm-7.2.5-4.67.2 php7-sysvshm-debuginfo-7.2.5-4.67.2 php7-tokenizer-7.2.5-4.67.2 php7-tokenizer-debuginfo-7.2.5-4.67.2 php7-wddx-7.2.5-4.67.2 php7-wddx-debuginfo-7.2.5-4.67.2 php7-xmlreader-7.2.5-4.67.2 php7-xmlreader-debuginfo-7.2.5-4.67.2 php7-xmlrpc-7.2.5-4.67.2 php7-xmlrpc-debuginfo-7.2.5-4.67.2 php7-xmlwriter-7.2.5-4.67.2 php7-xmlwriter-debuginfo-7.2.5-4.67.2 php7-xsl-7.2.5-4.67.2 php7-xsl-debuginfo-7.2.5-4.67.2 php7-zip-7.2.5-4.67.2 php7-zip-debuginfo-7.2.5-4.67.2 php7-zlib-7.2.5-4.67.2 php7-zlib-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): php7-pear-7.2.5-4.67.2 php7-pear-Archive_Tar-7.2.5-4.67.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.67.2 apache2-mod_php7-debuginfo-7.2.5-4.67.2 php7-7.2.5-4.67.2 php7-bcmath-7.2.5-4.67.2 php7-bcmath-debuginfo-7.2.5-4.67.2 php7-bz2-7.2.5-4.67.2 php7-bz2-debuginfo-7.2.5-4.67.2 php7-calendar-7.2.5-4.67.2 php7-calendar-debuginfo-7.2.5-4.67.2 php7-ctype-7.2.5-4.67.2 php7-ctype-debuginfo-7.2.5-4.67.2 php7-curl-7.2.5-4.67.2 php7-curl-debuginfo-7.2.5-4.67.2 php7-dba-7.2.5-4.67.2 php7-dba-debuginfo-7.2.5-4.67.2 php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-devel-7.2.5-4.67.2 php7-dom-7.2.5-4.67.2 php7-dom-debuginfo-7.2.5-4.67.2 php7-enchant-7.2.5-4.67.2 php7-enchant-debuginfo-7.2.5-4.67.2 php7-exif-7.2.5-4.67.2 php7-exif-debuginfo-7.2.5-4.67.2 php7-fastcgi-7.2.5-4.67.2 php7-fastcgi-debuginfo-7.2.5-4.67.2 php7-fileinfo-7.2.5-4.67.2 php7-fileinfo-debuginfo-7.2.5-4.67.2 php7-fpm-7.2.5-4.67.2 php7-fpm-debuginfo-7.2.5-4.67.2 php7-ftp-7.2.5-4.67.2 php7-ftp-debuginfo-7.2.5-4.67.2 php7-gd-7.2.5-4.67.2 php7-gd-debuginfo-7.2.5-4.67.2 php7-gettext-7.2.5-4.67.2 php7-gettext-debuginfo-7.2.5-4.67.2 php7-gmp-7.2.5-4.67.2 php7-gmp-debuginfo-7.2.5-4.67.2 php7-iconv-7.2.5-4.67.2 php7-iconv-debuginfo-7.2.5-4.67.2 php7-intl-7.2.5-4.67.2 php7-intl-debuginfo-7.2.5-4.67.2 php7-json-7.2.5-4.67.2 php7-json-debuginfo-7.2.5-4.67.2 php7-ldap-7.2.5-4.67.2 php7-ldap-debuginfo-7.2.5-4.67.2 php7-mbstring-7.2.5-4.67.2 php7-mbstring-debuginfo-7.2.5-4.67.2 php7-mysql-7.2.5-4.67.2 php7-mysql-debuginfo-7.2.5-4.67.2 php7-odbc-7.2.5-4.67.2 php7-odbc-debuginfo-7.2.5-4.67.2 php7-opcache-7.2.5-4.67.2 php7-opcache-debuginfo-7.2.5-4.67.2 php7-openssl-7.2.5-4.67.2 php7-openssl-debuginfo-7.2.5-4.67.2 php7-pcntl-7.2.5-4.67.2 php7-pcntl-debuginfo-7.2.5-4.67.2 php7-pdo-7.2.5-4.67.2 php7-pdo-debuginfo-7.2.5-4.67.2 php7-pgsql-7.2.5-4.67.2 php7-pgsql-debuginfo-7.2.5-4.67.2 php7-phar-7.2.5-4.67.2 php7-phar-debuginfo-7.2.5-4.67.2 php7-posix-7.2.5-4.67.2 php7-posix-debuginfo-7.2.5-4.67.2 php7-readline-7.2.5-4.67.2 php7-readline-debuginfo-7.2.5-4.67.2 php7-shmop-7.2.5-4.67.2 php7-shmop-debuginfo-7.2.5-4.67.2 php7-snmp-7.2.5-4.67.2 php7-snmp-debuginfo-7.2.5-4.67.2 php7-soap-7.2.5-4.67.2 php7-soap-debuginfo-7.2.5-4.67.2 php7-sockets-7.2.5-4.67.2 php7-sockets-debuginfo-7.2.5-4.67.2 php7-sodium-7.2.5-4.67.2 php7-sodium-debuginfo-7.2.5-4.67.2 php7-sqlite-7.2.5-4.67.2 php7-sqlite-debuginfo-7.2.5-4.67.2 php7-sysvmsg-7.2.5-4.67.2 php7-sysvmsg-debuginfo-7.2.5-4.67.2 php7-sysvsem-7.2.5-4.67.2 php7-sysvsem-debuginfo-7.2.5-4.67.2 php7-sysvshm-7.2.5-4.67.2 php7-sysvshm-debuginfo-7.2.5-4.67.2 php7-tidy-7.2.5-4.67.2 php7-tidy-debuginfo-7.2.5-4.67.2 php7-tokenizer-7.2.5-4.67.2 php7-tokenizer-debuginfo-7.2.5-4.67.2 php7-wddx-7.2.5-4.67.2 php7-wddx-debuginfo-7.2.5-4.67.2 php7-xmlreader-7.2.5-4.67.2 php7-xmlreader-debuginfo-7.2.5-4.67.2 php7-xmlrpc-7.2.5-4.67.2 php7-xmlrpc-debuginfo-7.2.5-4.67.2 php7-xmlwriter-7.2.5-4.67.2 php7-xmlwriter-debuginfo-7.2.5-4.67.2 php7-xsl-7.2.5-4.67.2 php7-xsl-debuginfo-7.2.5-4.67.2 php7-zip-7.2.5-4.67.2 php7-zip-debuginfo-7.2.5-4.67.2 php7-zlib-7.2.5-4.67.2 php7-zlib-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.67.2 php7-pear-Archive_Tar-7.2.5-4.67.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-embed-7.2.5-4.67.2 php7-embed-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.67.2 apache2-mod_php7-debuginfo-7.2.5-4.67.2 php7-7.2.5-4.67.2 php7-bcmath-7.2.5-4.67.2 php7-bcmath-debuginfo-7.2.5-4.67.2 php7-bz2-7.2.5-4.67.2 php7-bz2-debuginfo-7.2.5-4.67.2 php7-calendar-7.2.5-4.67.2 php7-calendar-debuginfo-7.2.5-4.67.2 php7-ctype-7.2.5-4.67.2 php7-ctype-debuginfo-7.2.5-4.67.2 php7-curl-7.2.5-4.67.2 php7-curl-debuginfo-7.2.5-4.67.2 php7-dba-7.2.5-4.67.2 php7-dba-debuginfo-7.2.5-4.67.2 php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-devel-7.2.5-4.67.2 php7-dom-7.2.5-4.67.2 php7-dom-debuginfo-7.2.5-4.67.2 php7-enchant-7.2.5-4.67.2 php7-enchant-debuginfo-7.2.5-4.67.2 php7-exif-7.2.5-4.67.2 php7-exif-debuginfo-7.2.5-4.67.2 php7-fastcgi-7.2.5-4.67.2 php7-fastcgi-debuginfo-7.2.5-4.67.2 php7-fileinfo-7.2.5-4.67.2 php7-fileinfo-debuginfo-7.2.5-4.67.2 php7-fpm-7.2.5-4.67.2 php7-fpm-debuginfo-7.2.5-4.67.2 php7-ftp-7.2.5-4.67.2 php7-ftp-debuginfo-7.2.5-4.67.2 php7-gd-7.2.5-4.67.2 php7-gd-debuginfo-7.2.5-4.67.2 php7-gettext-7.2.5-4.67.2 php7-gettext-debuginfo-7.2.5-4.67.2 php7-gmp-7.2.5-4.67.2 php7-gmp-debuginfo-7.2.5-4.67.2 php7-iconv-7.2.5-4.67.2 php7-iconv-debuginfo-7.2.5-4.67.2 php7-intl-7.2.5-4.67.2 php7-intl-debuginfo-7.2.5-4.67.2 php7-json-7.2.5-4.67.2 php7-json-debuginfo-7.2.5-4.67.2 php7-ldap-7.2.5-4.67.2 php7-ldap-debuginfo-7.2.5-4.67.2 php7-mbstring-7.2.5-4.67.2 php7-mbstring-debuginfo-7.2.5-4.67.2 php7-mysql-7.2.5-4.67.2 php7-mysql-debuginfo-7.2.5-4.67.2 php7-odbc-7.2.5-4.67.2 php7-odbc-debuginfo-7.2.5-4.67.2 php7-opcache-7.2.5-4.67.2 php7-opcache-debuginfo-7.2.5-4.67.2 php7-openssl-7.2.5-4.67.2 php7-openssl-debuginfo-7.2.5-4.67.2 php7-pcntl-7.2.5-4.67.2 php7-pcntl-debuginfo-7.2.5-4.67.2 php7-pdo-7.2.5-4.67.2 php7-pdo-debuginfo-7.2.5-4.67.2 php7-pgsql-7.2.5-4.67.2 php7-pgsql-debuginfo-7.2.5-4.67.2 php7-phar-7.2.5-4.67.2 php7-phar-debuginfo-7.2.5-4.67.2 php7-posix-7.2.5-4.67.2 php7-posix-debuginfo-7.2.5-4.67.2 php7-readline-7.2.5-4.67.2 php7-readline-debuginfo-7.2.5-4.67.2 php7-shmop-7.2.5-4.67.2 php7-shmop-debuginfo-7.2.5-4.67.2 php7-snmp-7.2.5-4.67.2 php7-snmp-debuginfo-7.2.5-4.67.2 php7-soap-7.2.5-4.67.2 php7-soap-debuginfo-7.2.5-4.67.2 php7-sockets-7.2.5-4.67.2 php7-sockets-debuginfo-7.2.5-4.67.2 php7-sodium-7.2.5-4.67.2 php7-sodium-debuginfo-7.2.5-4.67.2 php7-sqlite-7.2.5-4.67.2 php7-sqlite-debuginfo-7.2.5-4.67.2 php7-sysvmsg-7.2.5-4.67.2 php7-sysvmsg-debuginfo-7.2.5-4.67.2 php7-sysvsem-7.2.5-4.67.2 php7-sysvsem-debuginfo-7.2.5-4.67.2 php7-sysvshm-7.2.5-4.67.2 php7-sysvshm-debuginfo-7.2.5-4.67.2 php7-tokenizer-7.2.5-4.67.2 php7-tokenizer-debuginfo-7.2.5-4.67.2 php7-wddx-7.2.5-4.67.2 php7-wddx-debuginfo-7.2.5-4.67.2 php7-xmlreader-7.2.5-4.67.2 php7-xmlreader-debuginfo-7.2.5-4.67.2 php7-xmlrpc-7.2.5-4.67.2 php7-xmlrpc-debuginfo-7.2.5-4.67.2 php7-xmlwriter-7.2.5-4.67.2 php7-xmlwriter-debuginfo-7.2.5-4.67.2 php7-xsl-7.2.5-4.67.2 php7-xsl-debuginfo-7.2.5-4.67.2 php7-zip-7.2.5-4.67.2 php7-zip-debuginfo-7.2.5-4.67.2 php7-zlib-7.2.5-4.67.2 php7-zlib-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): php7-pear-7.2.5-4.67.2 php7-pear-Archive_Tar-7.2.5-4.67.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_php7-7.2.5-4.67.2 apache2-mod_php7-debuginfo-7.2.5-4.67.2 php7-7.2.5-4.67.2 php7-bcmath-7.2.5-4.67.2 php7-bcmath-debuginfo-7.2.5-4.67.2 php7-bz2-7.2.5-4.67.2 php7-bz2-debuginfo-7.2.5-4.67.2 php7-calendar-7.2.5-4.67.2 php7-calendar-debuginfo-7.2.5-4.67.2 php7-ctype-7.2.5-4.67.2 php7-ctype-debuginfo-7.2.5-4.67.2 php7-curl-7.2.5-4.67.2 php7-curl-debuginfo-7.2.5-4.67.2 php7-dba-7.2.5-4.67.2 php7-dba-debuginfo-7.2.5-4.67.2 php7-debuginfo-7.2.5-4.67.2 php7-debugsource-7.2.5-4.67.2 php7-devel-7.2.5-4.67.2 php7-dom-7.2.5-4.67.2 php7-dom-debuginfo-7.2.5-4.67.2 php7-enchant-7.2.5-4.67.2 php7-enchant-debuginfo-7.2.5-4.67.2 php7-exif-7.2.5-4.67.2 php7-exif-debuginfo-7.2.5-4.67.2 php7-fastcgi-7.2.5-4.67.2 php7-fastcgi-debuginfo-7.2.5-4.67.2 php7-fileinfo-7.2.5-4.67.2 php7-fileinfo-debuginfo-7.2.5-4.67.2 php7-fpm-7.2.5-4.67.2 php7-fpm-debuginfo-7.2.5-4.67.2 php7-ftp-7.2.5-4.67.2 php7-ftp-debuginfo-7.2.5-4.67.2 php7-gd-7.2.5-4.67.2 php7-gd-debuginfo-7.2.5-4.67.2 php7-gettext-7.2.5-4.67.2 php7-gettext-debuginfo-7.2.5-4.67.2 php7-gmp-7.2.5-4.67.2 php7-gmp-debuginfo-7.2.5-4.67.2 php7-iconv-7.2.5-4.67.2 php7-iconv-debuginfo-7.2.5-4.67.2 php7-intl-7.2.5-4.67.2 php7-intl-debuginfo-7.2.5-4.67.2 php7-json-7.2.5-4.67.2 php7-json-debuginfo-7.2.5-4.67.2 php7-ldap-7.2.5-4.67.2 php7-ldap-debuginfo-7.2.5-4.67.2 php7-mbstring-7.2.5-4.67.2 php7-mbstring-debuginfo-7.2.5-4.67.2 php7-mysql-7.2.5-4.67.2 php7-mysql-debuginfo-7.2.5-4.67.2 php7-odbc-7.2.5-4.67.2 php7-odbc-debuginfo-7.2.5-4.67.2 php7-opcache-7.2.5-4.67.2 php7-opcache-debuginfo-7.2.5-4.67.2 php7-openssl-7.2.5-4.67.2 php7-openssl-debuginfo-7.2.5-4.67.2 php7-pcntl-7.2.5-4.67.2 php7-pcntl-debuginfo-7.2.5-4.67.2 php7-pdo-7.2.5-4.67.2 php7-pdo-debuginfo-7.2.5-4.67.2 php7-pgsql-7.2.5-4.67.2 php7-pgsql-debuginfo-7.2.5-4.67.2 php7-phar-7.2.5-4.67.2 php7-phar-debuginfo-7.2.5-4.67.2 php7-posix-7.2.5-4.67.2 php7-posix-debuginfo-7.2.5-4.67.2 php7-readline-7.2.5-4.67.2 php7-readline-debuginfo-7.2.5-4.67.2 php7-shmop-7.2.5-4.67.2 php7-shmop-debuginfo-7.2.5-4.67.2 php7-snmp-7.2.5-4.67.2 php7-snmp-debuginfo-7.2.5-4.67.2 php7-soap-7.2.5-4.67.2 php7-soap-debuginfo-7.2.5-4.67.2 php7-sockets-7.2.5-4.67.2 php7-sockets-debuginfo-7.2.5-4.67.2 php7-sodium-7.2.5-4.67.2 php7-sodium-debuginfo-7.2.5-4.67.2 php7-sqlite-7.2.5-4.67.2 php7-sqlite-debuginfo-7.2.5-4.67.2 php7-sysvmsg-7.2.5-4.67.2 php7-sysvmsg-debuginfo-7.2.5-4.67.2 php7-sysvsem-7.2.5-4.67.2 php7-sysvsem-debuginfo-7.2.5-4.67.2 php7-sysvshm-7.2.5-4.67.2 php7-sysvshm-debuginfo-7.2.5-4.67.2 php7-tokenizer-7.2.5-4.67.2 php7-tokenizer-debuginfo-7.2.5-4.67.2 php7-wddx-7.2.5-4.67.2 php7-wddx-debuginfo-7.2.5-4.67.2 php7-xmlreader-7.2.5-4.67.2 php7-xmlreader-debuginfo-7.2.5-4.67.2 php7-xmlrpc-7.2.5-4.67.2 php7-xmlrpc-debuginfo-7.2.5-4.67.2 php7-xmlwriter-7.2.5-4.67.2 php7-xmlwriter-debuginfo-7.2.5-4.67.2 php7-xsl-7.2.5-4.67.2 php7-xsl-debuginfo-7.2.5-4.67.2 php7-zip-7.2.5-4.67.2 php7-zip-debuginfo-7.2.5-4.67.2 php7-zlib-7.2.5-4.67.2 php7-zlib-debuginfo-7.2.5-4.67.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): php7-pear-7.2.5-4.67.2 php7-pear-Archive_Tar-7.2.5-4.67.2 References: https://www.suse.com/security/cve/CVE-2020-7069.html https://www.suse.com/security/cve/CVE-2020-7070.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1177351 https://bugzilla.suse.com/1177352 From sle-security-updates at lists.suse.com Thu Oct 22 10:16:24 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 18:16:24 +0200 (CEST) Subject: SUSE-SU-2020:14521-1: important: Security update for xen Message-ID: <20201022161624.4A685FFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14521-1 Rating: important References: #1172205 #1173378 #1173380 #1175534 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176350 Cross-References: CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205,XSA-320) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14521=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14521=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_44_3.0.101_108.117-61.55.1 xen-libs-4.4.4_44-61.55.1 xen-tools-domU-4.4.4_44-61.55.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_44-61.55.1 xen-doc-html-4.4.4_44-61.55.1 xen-libs-32bit-4.4.4_44-61.55.1 xen-tools-4.4.4_44-61.55.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_44_3.0.101_108.117-61.55.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_44-61.55.1 xen-debugsource-4.4.4_44-61.55.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15567.html https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 https://bugzilla.suse.com/1175534 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176350 From sle-security-updates at lists.suse.com Thu Oct 22 13:17:00 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 21:17:00 +0200 (CEST) Subject: SUSE-SU-2020:2712-2: moderate: Security update for openldap2 Message-ID: <20201022191700.068D6FFAB@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2712-2 Rating: moderate References: #1175568 Cross-References: CVE-2020-8027 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2712=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2712=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2712=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2712=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-2.4.46-9.37.1 openldap2-back-meta-2.4.46-9.37.1 openldap2-back-meta-debuginfo-2.4.46-9.37.1 openldap2-back-perl-2.4.46-9.37.1 openldap2-back-perl-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libldap-2_4-2-32bit-2.4.46-9.37.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1 openldap2-devel-32bit-2.4.46-9.37.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-2.4.46-9.37.1 openldap2-back-meta-2.4.46-9.37.1 openldap2-back-meta-debuginfo-2.4.46-9.37.1 openldap2-back-perl-2.4.46-9.37.1 openldap2-back-perl-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-9.37.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1 openldap2-devel-32bit-2.4.46-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-9.37.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1 openldap2-devel-32bit-2.4.46-9.37.1 References: https://www.suse.com/security/cve/CVE-2020-8027.html https://bugzilla.suse.com/1175568 From sle-security-updates at lists.suse.com Thu Oct 22 13:20:18 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 22 Oct 2020 21:20:18 +0200 (CEST) Subject: SUSE-SU-2020:3003-1: Security update for mercurial Message-ID: <20201022192018.40451FFAB@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3003-1 Rating: low References: #1133035 Cross-References: CVE-2019-3902 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3003=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.18.4 mercurial-debuginfo-2.8.2-15.18.4 mercurial-debugsource-2.8.2-15.18.4 References: https://www.suse.com/security/cve/CVE-2019-3902.html https://bugzilla.suse.com/1133035 From sle-security-updates at lists.suse.com Fri Oct 23 07:14:18 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 15:14:18 +0200 (CEST) Subject: SUSE-SU-2020:3016-1: moderate: Security update for python-pip Message-ID: <20201023131418.8B8DAFFA8@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3016-1 Rating: moderate References: #1176262 SOC-11388 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3016=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3016=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-pip-9.0.1-4.3.1 - SUSE OpenStack Cloud 9 (noarch): python-pip-9.0.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-security-updates at lists.suse.com Fri Oct 23 07:15:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 15:15:06 +0200 (CEST) Subject: SUSE-SU-2020:3014-1: important: Security update for the Linux Kernel Message-ID: <20201023131506.9DE47FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3014-1 Rating: important References: #1055186 #1058115 #1065600 #1065729 #1094244 #1112178 #1113956 #1136666 #1140683 #1152148 #1154366 #1163524 #1165629 #1166965 #1167527 #1169972 #1170232 #1171558 #1171688 #1171742 #1172073 #1172538 #1172873 #1173060 #1173115 #1174748 #1174899 #1175228 #1175520 #1175667 #1175691 #1175749 #1175882 #1176011 #1176022 #1176038 #1176069 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176395 #1176400 #1176410 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176946 #1176950 #1176962 #1176966 #1176990 #1177027 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177258 #1177291 #1177293 #1177294 #1177295 #1177296 #1177340 #1177511 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14386 CVE-2020-14390 CVE-2020-1749 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 78 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206). - CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121). - CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2020-14386: Fixed a memory corruption which could have been exploited to gain root privileges from unprivileged processes (bsc#1176069). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). The following non-security bugs were fixed: - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: tegra: Fix reference count leaks (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: check error value of register_netdevice() immediately (git-fixes). - bonding: check return value of register_netdevice() in bond_newlink() (git-fixes). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: don't mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen: do not reschedule in preemption off sections (bsc#1175749). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3014=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.36.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.36.1 dlm-kmp-rt-4.12.14-14.36.1 dlm-kmp-rt-debuginfo-4.12.14-14.36.1 gfs2-kmp-rt-4.12.14-14.36.1 gfs2-kmp-rt-debuginfo-4.12.14-14.36.1 kernel-rt-4.12.14-14.36.1 kernel-rt-base-4.12.14-14.36.1 kernel-rt-base-debuginfo-4.12.14-14.36.1 kernel-rt-debuginfo-4.12.14-14.36.1 kernel-rt-debugsource-4.12.14-14.36.1 kernel-rt-devel-4.12.14-14.36.1 kernel-rt-devel-debuginfo-4.12.14-14.36.1 kernel-rt_debug-debuginfo-4.12.14-14.36.1 kernel-rt_debug-debugsource-4.12.14-14.36.1 kernel-rt_debug-devel-4.12.14-14.36.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.36.1 kernel-syms-rt-4.12.14-14.36.1 ocfs2-kmp-rt-4.12.14-14.36.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.36.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.36.1 kernel-source-rt-4.12.14-14.36.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-25645.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1140683 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174748 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175520 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176069 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176395 https://bugzilla.suse.com/1176400 https://bugzilla.suse.com/1176410 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176946 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177027 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177258 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 https://bugzilla.suse.com/1177340 https://bugzilla.suse.com/1177511 From sle-security-updates at lists.suse.com Fri Oct 23 10:18:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 18:18:27 +0200 (CEST) Subject: SUSE-SU-2020:3022-1: important: Security update for MozillaFirefox Message-ID: <20201023161827.CBDEAFFAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3022-1 Rating: important References: #1176756 #1177872 Cross-References: CVE-2020-15683 CVE-2020-15969 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3022=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.4.0-3.113.3 MozillaFirefox-debuginfo-78.4.0-3.113.3 MozillaFirefox-debugsource-78.4.0-3.113.3 MozillaFirefox-devel-78.4.0-3.113.3 MozillaFirefox-translations-common-78.4.0-3.113.3 MozillaFirefox-translations-other-78.4.0-3.113.3 References: https://www.suse.com/security/cve/CVE-2020-15683.html https://www.suse.com/security/cve/CVE-2020-15969.html https://bugzilla.suse.com/1176756 https://bugzilla.suse.com/1177872 From sle-security-updates at lists.suse.com Fri Oct 23 10:19:26 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 18:19:26 +0200 (CEST) Subject: SUSE-SU-2020:3023-1: Security update for libcdio Message-ID: <20201023161926.0977CFFAB@maintenance.suse.de> SUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3023-1 Rating: low References: #1082821 Cross-References: CVE-2017-18199 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcdio fixes the following issues: The following security vulnerability was addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c, which allowed remote attackers to cause a denial of service via a crafted ISO file. (bsc#1082821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3023=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3023=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3023=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libcdio-debugsource-0.90-6.6.5 libiso9660-8-0.90-6.6.5 libiso9660-8-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcdio++0-0.90-6.6.5 libcdio++0-debuginfo-0.90-6.6.5 libcdio-debugsource-0.90-6.6.5 libcdio-devel-0.90-6.6.5 libiso9660-8-0.90-6.6.5 libiso9660-8-debuginfo-0.90-6.6.5 libudf0-0.90-6.6.5 libudf0-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcdio-debugsource-0.90-6.6.5 libcdio14-0.90-6.6.5 libcdio14-debuginfo-0.90-6.6.5 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcdio14-32bit-0.90-6.6.5 libcdio14-debuginfo-32bit-0.90-6.6.5 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://bugzilla.suse.com/1082821 From sle-security-updates at lists.suse.com Fri Oct 23 10:21:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 18:21:07 +0200 (CEST) Subject: SUSE-SU-2020:3024-1: moderate: Security update for glibc Message-ID: <20201023162107.5569BFFAB@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3024-1 Rating: moderate References: #1149332 #1165784 #1171878 #1172085 #1176013 Cross-References: CVE-2020-10029 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3024=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3024=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3024=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3024=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3024=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3024=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3024=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3024=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3024=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3024=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3024=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE OpenStack Cloud Crowbar 8 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE OpenStack Cloud 8 (x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE OpenStack Cloud 8 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE OpenStack Cloud 7 (s390x x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE OpenStack Cloud 7 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glibc-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-profile-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): glibc-32bit-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-32bit-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): glibc-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-profile-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): glibc-32bit-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-32bit-2.22-113.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-profile-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): glibc-32bit-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-32bit-2.22-113.4 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): glibc-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-profile-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): glibc-32bit-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-32bit-2.22-113.4 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Enterprise Storage 5 (aarch64 x86_64): glibc-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-profile-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 - SUSE Enterprise Storage 5 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - SUSE Enterprise Storage 5 (x86_64): glibc-32bit-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-32bit-2.22-113.4 - HPE Helion Openstack 8 (noarch): glibc-html-2.22-113.4 glibc-i18ndata-2.22-113.4 glibc-info-2.22-113.4 - HPE Helion Openstack 8 (x86_64): glibc-2.22-113.4 glibc-32bit-2.22-113.4 glibc-debuginfo-2.22-113.4 glibc-debuginfo-32bit-2.22-113.4 glibc-debugsource-2.22-113.4 glibc-devel-2.22-113.4 glibc-devel-32bit-2.22-113.4 glibc-devel-debuginfo-2.22-113.4 glibc-devel-debuginfo-32bit-2.22-113.4 glibc-locale-2.22-113.4 glibc-locale-32bit-2.22-113.4 glibc-locale-debuginfo-2.22-113.4 glibc-locale-debuginfo-32bit-2.22-113.4 glibc-profile-2.22-113.4 glibc-profile-32bit-2.22-113.4 nscd-2.22-113.4 nscd-debuginfo-2.22-113.4 References: https://www.suse.com/security/cve/CVE-2020-10029.html https://bugzilla.suse.com/1149332 https://bugzilla.suse.com/1165784 https://bugzilla.suse.com/1171878 https://bugzilla.suse.com/1172085 https://bugzilla.suse.com/1176013 From sle-security-updates at lists.suse.com Fri Oct 23 10:23:53 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 23 Oct 2020 18:23:53 +0200 (CEST) Subject: SUSE-SU-2020:3021-1: important: Security update for MozillaFirefox Message-ID: <20201023162353.D9C2BFFA8@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3021-1 Rating: important References: #1176756 #1177872 Cross-References: CVE-2020-15683 CVE-2020-15969 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3021=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.4.0-8.11.2 MozillaFirefox-debuginfo-78.4.0-8.11.2 MozillaFirefox-debugsource-78.4.0-8.11.2 MozillaFirefox-devel-78.4.0-8.11.2 MozillaFirefox-translations-common-78.4.0-8.11.2 MozillaFirefox-translations-other-78.4.0-8.11.2 References: https://www.suse.com/security/cve/CVE-2020-15683.html https://www.suse.com/security/cve/CVE-2020-15969.html https://bugzilla.suse.com/1176756 https://bugzilla.suse.com/1177872 From sle-security-updates at lists.suse.com Mon Oct 26 03:28:33 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 10:28:33 +0100 (CET) Subject: SUSE-CU-2020:561-1: Security update of suse/sle15 Message-ID: <20201026092833.BDD6EFFAB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:561-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.286 Container Release : 4.22.286 Severity : moderate Type : security References : 1175847 1176086 1176123 1176181 1176671 1177479 CVE-2020-24659 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2978-1 Released: Wed Oct 21 11:36:05 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1175847,1177479 This update for openssl-1_1 fixes the following issues: FIPS: * Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1175847, bsc#1177479). * Add shared secret KAT to FIPS DH selftest (bsc#1175847). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2988-1 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) From sle-security-updates at lists.suse.com Mon Oct 26 03:39:04 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 10:39:04 +0100 (CET) Subject: SUSE-CU-2020:564-1: Security update of suse/sle15 Message-ID: <20201026093904.E3158FFA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:564-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.332 Container Release : 6.2.332 Severity : moderate Type : security References : 1176086 1176123 1176181 1176671 CVE-2020-24659 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2988-1 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Type: security Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) From sle-security-updates at lists.suse.com Mon Oct 26 08:16:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 15:16:57 +0100 (CET) Subject: SUSE-SU-2020:14522-1: important: Security update for MozillaFirefox Message-ID: <20201026141657.62E06FFAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14522-1 Rating: important References: #1177872 Cross-References: CVE-2020-15683 CVE-2020-15969 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14522=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14522=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.4.0-78.99.1 MozillaFirefox-translations-common-78.4.0-78.99.1 MozillaFirefox-translations-other-78.4.0-78.99.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-78.4.0-78.99.1 References: https://www.suse.com/security/cve/CVE-2020-15683.html https://www.suse.com/security/cve/CVE-2020-15969.html https://bugzilla.suse.com/1177872 From sle-security-updates at lists.suse.com Mon Oct 26 08:19:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 15:19:38 +0100 (CET) Subject: SUSE-SU-2020:3034-1: important: Security update for bluez Message-ID: <20201026141938.B4F3BFFAB@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3034-1 Rating: important References: #1166751 #1177895 Cross-References: CVE-2020-0556 CVE-2020-27153 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bluez fixes the following issues: - CVE-2020-27153: Fixed crash on disconnect (bsc#1177895). - CVE-2020-0556: Fixed potential escalation of privilege and denial of service via adjacent access, caused by improper access control (bsc#1166751). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3034=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3034=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3034=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): bluez-cups-5.48-13.3.1 bluez-cups-debuginfo-5.48-13.3.1 bluez-debuginfo-5.48-13.3.1 bluez-debugsource-5.48-13.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.48-13.3.1 bluez-debugsource-5.48-13.3.1 bluez-devel-5.48-13.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): bluez-5.48-13.3.1 bluez-debuginfo-5.48-13.3.1 bluez-debugsource-5.48-13.3.1 libbluetooth3-5.48-13.3.1 libbluetooth3-debuginfo-5.48-13.3.1 References: https://www.suse.com/security/cve/CVE-2020-0556.html https://www.suse.com/security/cve/CVE-2020-27153.html https://bugzilla.suse.com/1166751 https://bugzilla.suse.com/1177895 From sle-security-updates at lists.suse.com Mon Oct 26 08:20:37 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 15:20:37 +0100 (CET) Subject: SUSE-SU-2020:3030-1: moderate: Security update for SDL Message-ID: <20201026142037.C15F2FFAB@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3030-1 Rating: moderate References: #1141844 Cross-References: CVE-2019-13616 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL fixes the following issues: Secuirty issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3030=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3030=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.14.2 libSDL-devel-1.2.15-15.14.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.14.2 libSDL-1_2-0-1.2.15-15.14.2 libSDL-1_2-0-debuginfo-1.2.15-15.14.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.14.2 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.14.2 References: https://www.suse.com/security/cve/CVE-2019-13616.html https://bugzilla.suse.com/1141844 From sle-security-updates at lists.suse.com Mon Oct 26 08:21:30 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 15:21:30 +0100 (CET) Subject: SUSE-SU-2020:3036-1: important: Security update for rmt-server Message-ID: <20201026142130.333E1FFAB@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3036-1 Rating: important References: #1165548 #1168554 #1172177 #1172182 #1172184 #1172186 #1173351 Cross-References: CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077 CVE-2020-15169 CVE-2020-5247 CVE-2020-5249 CVE-2020-5267 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-8184 CVE-2020-8185 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for rmt-server fixes the following issues: Update to version 2.6.5: - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps. - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail. - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits: * `rmt-cli mirror repositories` now works for custom repositories. * Custom repository IDs can be the same across RMT instances. * No more confusing "SCC ID" vs "ID" in `rmt-cli` output. Deprecation Warnings: * RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility. - Updated rails and puma dependencies for security fixes. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3036=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3036=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-2.6.5-3.3.1 rmt-server-config-2.6.5-3.3.1 rmt-server-debuginfo-2.6.5-3.3.1 rmt-server-debugsource-2.6.5-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.6.5-3.3.1 rmt-server-debugsource-2.6.5-3.3.1 rmt-server-pubcloud-2.6.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-16770.html https://www.suse.com/security/cve/CVE-2019-5418.html https://www.suse.com/security/cve/CVE-2019-5419.html https://www.suse.com/security/cve/CVE-2019-5420.html https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-15169.html https://www.suse.com/security/cve/CVE-2020-5247.html https://www.suse.com/security/cve/CVE-2020-5249.html https://www.suse.com/security/cve/CVE-2020-5267.html https://www.suse.com/security/cve/CVE-2020-8164.html https://www.suse.com/security/cve/CVE-2020-8165.html https://www.suse.com/security/cve/CVE-2020-8166.html https://www.suse.com/security/cve/CVE-2020-8167.html https://www.suse.com/security/cve/CVE-2020-8184.html https://www.suse.com/security/cve/CVE-2020-8185.html https://bugzilla.suse.com/1165548 https://bugzilla.suse.com/1168554 https://bugzilla.suse.com/1172177 https://bugzilla.suse.com/1172182 https://bugzilla.suse.com/1172184 https://bugzilla.suse.com/1172186 https://bugzilla.suse.com/1173351 From sle-security-updates at lists.suse.com Mon Oct 26 14:13:32 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Oct 2020 21:13:32 +0100 (CET) Subject: SUSE-SU-2020:3037-1: important: Security update for libvirt Message-ID: <20201026201332.2C89EFFAC@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3037-1 Rating: important References: #1174955 #1175465 #1175574 #1176430 #1177155 #1177480 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Adjust max memlock on mdev hotplug (bsc#1177480). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Fixed an issue where building was failing (bsc#1175574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3037=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3037=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-8.24.1 libvirt-admin-5.1.0-8.24.1 libvirt-admin-debuginfo-5.1.0-8.24.1 libvirt-client-5.1.0-8.24.1 libvirt-client-debuginfo-5.1.0-8.24.1 libvirt-daemon-5.1.0-8.24.1 libvirt-daemon-config-network-5.1.0-8.24.1 libvirt-daemon-config-nwfilter-5.1.0-8.24.1 libvirt-daemon-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-interface-5.1.0-8.24.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-lxc-5.1.0-8.24.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-network-5.1.0-8.24.1 libvirt-daemon-driver-network-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-nodedev-5.1.0-8.24.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-nwfilter-5.1.0-8.24.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-qemu-5.1.0-8.24.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-secret-5.1.0-8.24.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-5.1.0-8.24.1 libvirt-daemon-driver-storage-core-5.1.0-8.24.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-disk-5.1.0-8.24.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-iscsi-5.1.0-8.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-logical-5.1.0-8.24.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-mpath-5.1.0-8.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-8.24.1 libvirt-daemon-driver-storage-scsi-5.1.0-8.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-8.24.1 libvirt-daemon-hooks-5.1.0-8.24.1 libvirt-daemon-lxc-5.1.0-8.24.1 libvirt-daemon-qemu-5.1.0-8.24.1 libvirt-debugsource-5.1.0-8.24.1 libvirt-devel-5.1.0-8.24.1 libvirt-lock-sanlock-5.1.0-8.24.1 libvirt-lock-sanlock-debuginfo-5.1.0-8.24.1 libvirt-nss-5.1.0-8.24.1 libvirt-nss-debuginfo-5.1.0-8.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-8.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-8.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): libvirt-bash-completion-5.1.0-8.24.1 libvirt-doc-5.1.0-8.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): libvirt-daemon-driver-libxl-5.1.0-8.24.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-8.24.1 libvirt-daemon-xen-5.1.0-8.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-8.24.1 libvirt-libs-5.1.0-8.24.1 libvirt-libs-debuginfo-5.1.0-8.24.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1175465 https://bugzilla.suse.com/1175574 https://bugzilla.suse.com/1176430 https://bugzilla.suse.com/1177155 https://bugzilla.suse.com/1177480 From sle-security-updates at lists.suse.com Tue Oct 27 05:15:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 12:15:40 +0100 (CET) Subject: SUSE-SU-2020:3038-1: important: Security update for libvirt Message-ID: <20201027111540.4EB37FFAF@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3038-1 Rating: important References: #1171701 #1174955 #1177155 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3038=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3038=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3038=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3038=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libvirt-4.0.0-8.23.1 libvirt-admin-4.0.0-8.23.1 libvirt-admin-debuginfo-4.0.0-8.23.1 libvirt-client-4.0.0-8.23.1 libvirt-client-debuginfo-4.0.0-8.23.1 libvirt-daemon-4.0.0-8.23.1 libvirt-daemon-config-network-4.0.0-8.23.1 libvirt-daemon-config-nwfilter-4.0.0-8.23.1 libvirt-daemon-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-interface-4.0.0-8.23.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-libxl-4.0.0-8.23.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-lxc-4.0.0-8.23.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-network-4.0.0-8.23.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-qemu-4.0.0-8.23.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-secret-4.0.0-8.23.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-hooks-4.0.0-8.23.1 libvirt-daemon-lxc-4.0.0-8.23.1 libvirt-daemon-qemu-4.0.0-8.23.1 libvirt-daemon-xen-4.0.0-8.23.1 libvirt-debugsource-4.0.0-8.23.1 libvirt-doc-4.0.0-8.23.1 libvirt-libs-4.0.0-8.23.1 libvirt-libs-debuginfo-4.0.0-8.23.1 libvirt-lock-sanlock-4.0.0-8.23.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.23.1 libvirt-nss-4.0.0-8.23.1 libvirt-nss-debuginfo-4.0.0-8.23.1 - SUSE OpenStack Cloud 9 (x86_64): libvirt-4.0.0-8.23.1 libvirt-admin-4.0.0-8.23.1 libvirt-admin-debuginfo-4.0.0-8.23.1 libvirt-client-4.0.0-8.23.1 libvirt-client-debuginfo-4.0.0-8.23.1 libvirt-daemon-4.0.0-8.23.1 libvirt-daemon-config-network-4.0.0-8.23.1 libvirt-daemon-config-nwfilter-4.0.0-8.23.1 libvirt-daemon-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-interface-4.0.0-8.23.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-libxl-4.0.0-8.23.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-lxc-4.0.0-8.23.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-network-4.0.0-8.23.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-qemu-4.0.0-8.23.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-secret-4.0.0-8.23.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-hooks-4.0.0-8.23.1 libvirt-daemon-lxc-4.0.0-8.23.1 libvirt-daemon-qemu-4.0.0-8.23.1 libvirt-daemon-xen-4.0.0-8.23.1 libvirt-debugsource-4.0.0-8.23.1 libvirt-doc-4.0.0-8.23.1 libvirt-libs-4.0.0-8.23.1 libvirt-libs-debuginfo-4.0.0-8.23.1 libvirt-lock-sanlock-4.0.0-8.23.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.23.1 libvirt-nss-4.0.0-8.23.1 libvirt-nss-debuginfo-4.0.0-8.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libvirt-4.0.0-8.23.1 libvirt-admin-4.0.0-8.23.1 libvirt-admin-debuginfo-4.0.0-8.23.1 libvirt-client-4.0.0-8.23.1 libvirt-client-debuginfo-4.0.0-8.23.1 libvirt-daemon-4.0.0-8.23.1 libvirt-daemon-config-network-4.0.0-8.23.1 libvirt-daemon-config-nwfilter-4.0.0-8.23.1 libvirt-daemon-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-interface-4.0.0-8.23.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-lxc-4.0.0-8.23.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-network-4.0.0-8.23.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-qemu-4.0.0-8.23.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-secret-4.0.0-8.23.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-hooks-4.0.0-8.23.1 libvirt-daemon-lxc-4.0.0-8.23.1 libvirt-daemon-qemu-4.0.0-8.23.1 libvirt-debugsource-4.0.0-8.23.1 libvirt-doc-4.0.0-8.23.1 libvirt-libs-4.0.0-8.23.1 libvirt-libs-debuginfo-4.0.0-8.23.1 libvirt-lock-sanlock-4.0.0-8.23.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.23.1 libvirt-nss-4.0.0-8.23.1 libvirt-nss-debuginfo-4.0.0-8.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.23.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.23.1 libvirt-daemon-xen-4.0.0-8.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-8.23.1 libvirt-admin-4.0.0-8.23.1 libvirt-admin-debuginfo-4.0.0-8.23.1 libvirt-client-4.0.0-8.23.1 libvirt-client-debuginfo-4.0.0-8.23.1 libvirt-daemon-4.0.0-8.23.1 libvirt-daemon-config-network-4.0.0-8.23.1 libvirt-daemon-config-nwfilter-4.0.0-8.23.1 libvirt-daemon-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-interface-4.0.0-8.23.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-lxc-4.0.0-8.23.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-network-4.0.0-8.23.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-4.0.0-8.23.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-4.0.0-8.23.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-qemu-4.0.0-8.23.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-secret-4.0.0-8.23.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-4.0.0-8.23.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-4.0.0-8.23.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-4.0.0-8.23.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.23.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.23.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.23.1 libvirt-daemon-hooks-4.0.0-8.23.1 libvirt-daemon-lxc-4.0.0-8.23.1 libvirt-daemon-qemu-4.0.0-8.23.1 libvirt-debugsource-4.0.0-8.23.1 libvirt-doc-4.0.0-8.23.1 libvirt-libs-4.0.0-8.23.1 libvirt-libs-debuginfo-4.0.0-8.23.1 libvirt-lock-sanlock-4.0.0-8.23.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.23.1 libvirt-nss-4.0.0-8.23.1 libvirt-nss-debuginfo-4.0.0-8.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-8.23.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.23.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.23.1 libvirt-daemon-xen-4.0.0-8.23.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1171701 https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1177155 From sle-security-updates at lists.suse.com Tue Oct 27 05:16:48 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 12:16:48 +0100 (CET) Subject: SUSE-SU-2020:3039-1: important: Security update for libvirt Message-ID: <20201027111648.AD22BFFAC@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3039-1 Rating: important References: #1174955 #1175574 #1176430 #1177155 #1177480 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Adjust max memlock on mdev hotplug (bsc#1177480). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). - Fixed an issue where building was failing (bsc#1175574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3039=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3039=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.19.1 libvirt-devel-5.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.19.1 libvirt-admin-5.1.0-13.19.1 libvirt-admin-debuginfo-5.1.0-13.19.1 libvirt-client-5.1.0-13.19.1 libvirt-client-debuginfo-5.1.0-13.19.1 libvirt-daemon-5.1.0-13.19.1 libvirt-daemon-config-network-5.1.0-13.19.1 libvirt-daemon-config-nwfilter-5.1.0-13.19.1 libvirt-daemon-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-interface-5.1.0-13.19.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-lxc-5.1.0-13.19.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-network-5.1.0-13.19.1 libvirt-daemon-driver-network-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-nodedev-5.1.0-13.19.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-nwfilter-5.1.0-13.19.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-qemu-5.1.0-13.19.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-secret-5.1.0-13.19.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-5.1.0-13.19.1 libvirt-daemon-driver-storage-core-5.1.0-13.19.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-disk-5.1.0-13.19.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-iscsi-5.1.0-13.19.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-logical-5.1.0-13.19.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-mpath-5.1.0-13.19.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.19.1 libvirt-daemon-driver-storage-scsi-5.1.0-13.19.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.19.1 libvirt-daemon-hooks-5.1.0-13.19.1 libvirt-daemon-lxc-5.1.0-13.19.1 libvirt-daemon-qemu-5.1.0-13.19.1 libvirt-debugsource-5.1.0-13.19.1 libvirt-doc-5.1.0-13.19.1 libvirt-libs-5.1.0-13.19.1 libvirt-libs-debuginfo-5.1.0-13.19.1 libvirt-lock-sanlock-5.1.0-13.19.1 libvirt-lock-sanlock-debuginfo-5.1.0-13.19.1 libvirt-nss-5.1.0-13.19.1 libvirt-nss-debuginfo-5.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.19.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.19.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.19.1 libvirt-daemon-xen-5.1.0-13.19.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1175574 https://bugzilla.suse.com/1176430 https://bugzilla.suse.com/1177155 https://bugzilla.suse.com/1177480 From sle-security-updates at lists.suse.com Tue Oct 27 11:14:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 18:14:27 +0100 (CET) Subject: SUSE-SU-2020:3045-1: moderate: Security update for virt-bootstrap Message-ID: <20201027171427.AF575FFAC@maintenance.suse.de> SUSE Security Update: Security update for virt-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3045-1 Rating: moderate References: #1140750 Cross-References: CVE-2019-13314 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file (bsc#1140750). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3045=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3045=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): python3-virt-bootstrap-1.0.0-5.3.124 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): python3-virt-bootstrap-1.0.0-5.3.124 References: https://www.suse.com/security/cve/CVE-2019-13314.html https://bugzilla.suse.com/1140750 From sle-security-updates at lists.suse.com Tue Oct 27 14:13:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:13:50 +0100 (CET) Subject: SUSE-SU-2020:3054-1: important: Security update for pacemaker Message-ID: <20201027201350.EE30EFFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3054-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 ECO-1611 SLE-12239 SLE-12240 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability, contains three features and has three fixes is now available. Description: This update for pacemaker fixes the following issues: Update to 2.0.4: - based: use crm_exit to free qb-logging - cibsecret: don't use pssh -q option unless supported - crm_error: use g_free for a proper match - crm_mon: NULL output-pointer when buffer is freed - crm_resource: avoid unnecessary issus with dynamic allocation - crm_ticket: avoid unnecessary issues with dynamic allocation - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - fencer: avoid infinite loop if device is removed during operation - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - libcrmcommon: free basename after setting prgname - libcrmcommon: return ENOMEM directly instead of errno - libpe_status: Modify filtering of inactive resources. - libreplace: closedir when bailing out dir traversal - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: attribute name parameter doesn't have to be unique - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) - scheduler: Add the node name back to bundle instances. - silence some false positives static analysis stumbled over - tools: check resource separately from managing parameter in cibsecret - tools: free IPC memory after closing connection - tools: improve cibsecret help - tools: verify newly created CIB connection is not NULL Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3054=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.4+20200616.2deceaa3a-3.3.1 libpacemaker3-2.0.4+20200616.2deceaa3a-3.3.1 libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-cli-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-debugsource-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-remote-2.0.4+20200616.2deceaa3a-3.3.1 pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-3.3.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): pacemaker-cts-2.0.4+20200616.2deceaa3a-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Tue Oct 27 14:15:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:15:06 +0100 (CET) Subject: SUSE-SU-2020:3053-1: important: Security update for MozillaFirefox Message-ID: <20201027201506.AE504FFAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3053-1 Rating: important References: #1176756 #1177872 Cross-References: CVE-2020-15683 CVE-2020-15969 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3053=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3053=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3053=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3053=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3053=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3053=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3053=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3053=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3053=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3053=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3053=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3053=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3053=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3053=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3053=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3053=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3053=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.4.0-112.28.1 MozillaFirefox-debuginfo-78.4.0-112.28.1 MozillaFirefox-debugsource-78.4.0-112.28.1 MozillaFirefox-devel-78.4.0-112.28.1 MozillaFirefox-translations-common-78.4.0-112.28.1 References: https://www.suse.com/security/cve/CVE-2020-15683.html https://www.suse.com/security/cve/CVE-2020-15969.html https://bugzilla.suse.com/1176756 https://bugzilla.suse.com/1177872 From sle-security-updates at lists.suse.com Tue Oct 27 14:16:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:16:10 +0100 (CET) Subject: SUSE-SU-2020:3052-1: important: Security update for xen Message-ID: <20201027201610.5B3E6FFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3052-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3052=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3052=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3052=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_18-3.44.1 xen-debugsource-4.10.4_18-3.44.1 xen-devel-4.10.4_18-3.44.1 xen-libs-4.10.4_18-3.44.1 xen-libs-debuginfo-4.10.4_18-3.44.1 xen-tools-4.10.4_18-3.44.1 xen-tools-debuginfo-4.10.4_18-3.44.1 xen-tools-domU-4.10.4_18-3.44.1 xen-tools-domU-debuginfo-4.10.4_18-3.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_18-3.44.1 xen-debugsource-4.10.4_18-3.44.1 xen-devel-4.10.4_18-3.44.1 xen-libs-4.10.4_18-3.44.1 xen-libs-debuginfo-4.10.4_18-3.44.1 xen-tools-4.10.4_18-3.44.1 xen-tools-debuginfo-4.10.4_18-3.44.1 xen-tools-domU-4.10.4_18-3.44.1 xen-tools-domU-debuginfo-4.10.4_18-3.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_18-3.44.1 xen-debugsource-4.10.4_18-3.44.1 xen-devel-4.10.4_18-3.44.1 xen-libs-4.10.4_18-3.44.1 xen-libs-debuginfo-4.10.4_18-3.44.1 xen-tools-4.10.4_18-3.44.1 xen-tools-debuginfo-4.10.4_18-3.44.1 xen-tools-domU-4.10.4_18-3.44.1 xen-tools-domU-debuginfo-4.10.4_18-3.44.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27673.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 From sle-security-updates at lists.suse.com Tue Oct 27 14:17:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:17:16 +0100 (CET) Subject: SUSE-SU-2020:3049-1: important: Security update for xen Message-ID: <20201027201716.F1AF5FFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3049-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3049=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3049=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.1_10-3.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.1_10-3.13.1 xen-debugsource-4.13.1_10-3.13.1 xen-devel-4.13.1_10-3.13.1 xen-tools-4.13.1_10-3.13.1 xen-tools-debuginfo-4.13.1_10-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.1_10-3.13.1 xen-libs-4.13.1_10-3.13.1 xen-libs-debuginfo-4.13.1_10-3.13.1 xen-tools-domU-4.13.1_10-3.13.1 xen-tools-domU-debuginfo-4.13.1_10-3.13.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27673.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 From sle-security-updates at lists.suse.com Tue Oct 27 14:18:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:18:23 +0100 (CET) Subject: SUSE-SU-2020:3050-1: important: Security update for xen Message-ID: <20201027201823.DAE55FFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3050-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3050=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3050=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.3_10-3.27.1 xen-devel-4.12.3_10-3.27.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.3_10-3.27.1 xen-debugsource-4.12.3_10-3.27.1 xen-doc-html-4.12.3_10-3.27.1 xen-libs-32bit-4.12.3_10-3.27.1 xen-libs-4.12.3_10-3.27.1 xen-libs-debuginfo-32bit-4.12.3_10-3.27.1 xen-libs-debuginfo-4.12.3_10-3.27.1 xen-tools-4.12.3_10-3.27.1 xen-tools-debuginfo-4.12.3_10-3.27.1 xen-tools-domU-4.12.3_10-3.27.1 xen-tools-domU-debuginfo-4.12.3_10-3.27.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27673.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 From sle-security-updates at lists.suse.com Tue Oct 27 14:19:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Oct 2020 21:19:31 +0100 (CET) Subject: SUSE-SU-2020:3051-1: important: Security update for xen Message-ID: <20201027201931.40ECAFFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3051-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3051=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3051=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): xen-4.12.3_10-3.31.1 xen-debugsource-4.12.3_10-3.31.1 xen-devel-4.12.3_10-3.31.1 xen-tools-4.12.3_10-3.31.1 xen-tools-debuginfo-4.12.3_10-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): xen-debugsource-4.12.3_10-3.31.1 xen-libs-4.12.3_10-3.31.1 xen-libs-debuginfo-4.12.3_10-3.31.1 xen-tools-domU-4.12.3_10-3.31.1 xen-tools-domU-debuginfo-4.12.3_10-3.31.1 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27673.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 From sle-security-updates at lists.suse.com Wed Oct 28 01:04:24 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:04:24 +0100 (CET) Subject: SUSE-CU-2020:567-1: Security update of harbor/harbor-core Message-ID: <20201028070424.D726AFFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:567-1 Container Tags : harbor/harbor-core:2.1.0 , harbor/harbor-core:2.1.0-rev1 , harbor/harbor-core:2.1.0-rev1-build2.50 Container Release : 2.50 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:05:15 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:05:15 +0100 (CET) Subject: SUSE-CU-2020:568-1: Security update of harbor/harbor-db Message-ID: <20201028070515.0D6D3FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:568-1 Container Tags : harbor/harbor-db:2.1.0 , harbor/harbor-db:2.1.0-rev1 , harbor/harbor-db:2.1.0-rev1-build2.49 Container Release : 2.49 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:06:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:06:06 +0100 (CET) Subject: SUSE-CU-2020:570-1: Security update of harbor/harbor-jobservice Message-ID: <20201028070606.1B00BFFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:570-1 Container Tags : harbor/harbor-jobservice:2.1.0 , harbor/harbor-jobservice:2.1.0-rev1 , harbor/harbor-jobservice:2.1.0-rev1-build2.51 Container Release : 2.51 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:06:51 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:06:51 +0100 (CET) Subject: SUSE-CU-2020:571-1: Security update of harbor/harbor-nginx Message-ID: <20201028070651.727AEFFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:571-1 Container Tags : harbor/harbor-nginx:2.1.0 , harbor/harbor-nginx:2.1.0-rev1 , harbor/harbor-nginx:2.1.0-rev1-build2.51 Container Release : 2.51 Severity : important Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 1177914 CVE-2020-13844 CVE-2020-15999 ----------------------------------------------------------------- The container harbor/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). From sle-security-updates at lists.suse.com Wed Oct 28 01:07:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:07:16 +0100 (CET) Subject: SUSE-CU-2020:572-1: Security update of harbor/harbor-notary-server Message-ID: <20201028070716.5D357FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-notary-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:572-1 Container Tags : harbor/harbor-notary-server:2.1.0 , harbor/harbor-notary-server:2.1.0-rev1 , harbor/harbor-notary-server:2.1.0-rev1-build1.24 Container Release : 1.24 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-notary-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:07:41 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:07:41 +0100 (CET) Subject: SUSE-CU-2020:573-1: Security update of harbor/harbor-notary-signer Message-ID: <20201028070741.1FFD4FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-notary-signer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:573-1 Container Tags : harbor/harbor-notary-signer:2.1.0 , harbor/harbor-notary-signer:2.1.0-rev1 , harbor/harbor-notary-signer:2.1.0-rev1-build1.23 Container Release : 1.23 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-notary-signer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:08:33 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:08:33 +0100 (CET) Subject: SUSE-CU-2020:574-1: Security update of harbor/harbor-portal Message-ID: <20201028070833.48F50FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:574-1 Container Tags : harbor/harbor-portal:2.1.0 , harbor/harbor-portal:2.1.0-rev1 , harbor/harbor-portal:2.1.0-rev1-build2.38 Container Release : 2.38 Severity : important Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 1177914 CVE-2020-13844 CVE-2020-15999 ----------------------------------------------------------------- The container harbor/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). From sle-security-updates at lists.suse.com Wed Oct 28 01:09:13 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:09:13 +0100 (CET) Subject: SUSE-CU-2020:575-1: Security update of harbor/harbor-redis Message-ID: <20201028070913.DD129FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-redis ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:575-1 Container Tags : harbor/harbor-redis:2.1.0 , harbor/harbor-redis:2.1.0-rev1 , harbor/harbor-redis:2.1.0-rev1-build4.2 Container Release : 4.2 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-redis was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:10:04 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:10:04 +0100 (CET) Subject: SUSE-CU-2020:577-1: Security update of harbor/harbor-registry Message-ID: <20201028071004.AF455FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:577-1 Container Tags : harbor/harbor-registry:2.1.0 , harbor/harbor-registry:2.1.0-rev1 , harbor/harbor-registry:2.1.0-rev1-build2.52 Container Release : 2.52 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:10:48 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:10:48 +0100 (CET) Subject: SUSE-CU-2020:578-1: Security update of harbor/harbor-registryctl Message-ID: <20201028071048.2BD43FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:578-1 Container Tags : harbor/harbor-registryctl:2.1.0 , harbor/harbor-registryctl:2.1.0-rev1 , harbor/harbor-registryctl:2.1.0-rev1-build2.52 Container Release : 2.52 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:11:39 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:11:39 +0100 (CET) Subject: SUSE-CU-2020:579-1: Security update of harbor/harbor-test Message-ID: <20201028071139.C473CFFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-test ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:579-1 Container Tags : harbor/harbor-test:2.1.0 , harbor/harbor-test:2.1.0-rev1 , harbor/harbor-test:2.1.0-rev1-build4.20 Container Release : 4.20 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1175281 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-test was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2936-1 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1175281 This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:12:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:12:22 +0100 (CET) Subject: SUSE-CU-2020:580-1: Security update of harbor/harbor-trivy-adapter Message-ID: <20201028071222.53E16FFAC@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:580-1 Container Tags : harbor/harbor-trivy-adapter:2.1.0 , harbor/harbor-trivy-adapter:2.1.0-rev1 , harbor/harbor-trivy-adapter:2.1.0-rev1-build2.51 Container Release : 2.51 Severity : moderate Type : security References : 1158830 1172798 1172846 1173972 1174753 1174817 1175168 1176123 CVE-2020-13844 ----------------------------------------------------------------- The container harbor/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) From sle-security-updates at lists.suse.com Wed Oct 28 01:22:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 08:22:12 +0100 (CET) Subject: SUSE-CU-2020:582-1: Security update of suse/sles12sp3 Message-ID: <20201028072212.B9C1DFFAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:582-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.220 , suse/sles12sp3:latest Container Release : 24.220 Severity : moderate Type : security References : 1149332 1165784 1171878 1172085 1176013 CVE-2020-10029 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3024-1 Released: Fri Oct 23 14:21:54 2020 Summary: Security update for glibc Type: security Severity: moderate References: 1149332,1165784,1171878,1172085,1176013,CVE-2020-10029 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) From sle-security-updates at lists.suse.com Wed Oct 28 05:16:28 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 12:16:28 +0100 (CET) Subject: SUSE-SU-2020:3064-1: moderate: Security update for zeromq Message-ID: <20201028111628.5EBA5FFAB@maintenance.suse.de> SUSE Security Update: Security update for zeromq ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3064-1 Rating: moderate References: #1176257 #1176258 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for zeromq fixes the following issues: - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-3064=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-3064=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-3064=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-3064=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3064=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-3064=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-3064=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3064=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Manager Proxy 3.2 (x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 zeromq-devel-4.0.4-15.6.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libzmq3-4.0.4-15.6.1 libzmq3-debuginfo-4.0.4-15.6.1 zeromq-debugsource-4.0.4-15.6.1 References: https://bugzilla.suse.com/1176257 https://bugzilla.suse.com/1176258 From sle-security-updates at lists.suse.com Wed Oct 28 05:18:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 12:18:25 +0100 (CET) Subject: SUSE-SU-2020:3060-1: moderate: Security update for binutils Message-ID: <20201028111825.CA66CFFAB@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3060-1 Rating: moderate References: #1126826 #1126829 #1126831 #1140126 #1142649 #1143609 #1153768 #1153770 #1157755 #1160254 #1160590 #1163333 #1163744 ECO-2373 SLE-7464 SLE-7903 Cross-References: CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities, contains three features and has 5 fixes is now available. Description: This update for binutils fixes the following issues: binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a "lint" mode to enable extra checks of the files it is processing. * Readelf will now display "[...]" when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to "no". * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment = option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3060=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3060=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3060=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3060=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3060=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3060=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.35-7.11.1 binutils-debugsource-2.35-7.11.1 binutils-gold-2.35-7.11.1 binutils-gold-debuginfo-2.35-7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.35-7.11.1 binutils-debugsource-2.35-7.11.1 binutils-gold-2.35-7.11.1 binutils-gold-debuginfo-2.35-7.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): binutils-debugsource-2.35-7.11.1 binutils-devel-32bit-2.35-7.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): binutils-debugsource-2.35-7.11.1 binutils-devel-32bit-2.35-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): binutils-2.35-7.11.1 binutils-debuginfo-2.35-7.11.1 binutils-debugsource-2.35-7.11.1 binutils-devel-2.35-7.11.1 libctf-nobfd0-2.35-7.11.1 libctf-nobfd0-debuginfo-2.35-7.11.1 libctf0-2.35-7.11.1 libctf0-debuginfo-2.35-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): binutils-2.35-7.11.1 binutils-debuginfo-2.35-7.11.1 binutils-debugsource-2.35-7.11.1 binutils-devel-2.35-7.11.1 libctf-nobfd0-2.35-7.11.1 libctf-nobfd0-debuginfo-2.35-7.11.1 libctf0-2.35-7.11.1 libctf0-debuginfo-2.35-7.11.1 References: https://www.suse.com/security/cve/CVE-2019-12972.html https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-14444.html https://www.suse.com/security/cve/CVE-2019-17450.html https://www.suse.com/security/cve/CVE-2019-17451.html https://www.suse.com/security/cve/CVE-2019-9074.html https://www.suse.com/security/cve/CVE-2019-9075.html https://www.suse.com/security/cve/CVE-2019-9077.html https://bugzilla.suse.com/1126826 https://bugzilla.suse.com/1126829 https://bugzilla.suse.com/1126831 https://bugzilla.suse.com/1140126 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1143609 https://bugzilla.suse.com/1153768 https://bugzilla.suse.com/1153770 https://bugzilla.suse.com/1157755 https://bugzilla.suse.com/1160254 https://bugzilla.suse.com/1160590 https://bugzilla.suse.com/1163333 https://bugzilla.suse.com/1163744 From sle-security-updates at lists.suse.com Wed Oct 28 08:13:54 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:13:54 +0100 (CET) Subject: SUSE-SU-2020:3070-1: moderate: Security update for spice Message-ID: <20201028141354.470D7FFAC@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3070-1 Rating: moderate References: #1177158 Cross-References: CVE-2020-14355 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3070=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.2-3.3.1 libspice-server1-0.14.2-3.3.1 libspice-server1-debuginfo-0.14.2-3.3.1 spice-debugsource-0.14.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14355.html https://bugzilla.suse.com/1177158 From sle-security-updates at lists.suse.com Wed Oct 28 08:14:45 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:14:45 +0100 (CET) Subject: SUSE-SU-2020:3065-1: important: Security update for sane-backends Message-ID: <20201028141445.40111FFAB@maintenance.suse.de> SUSE Security Update: Security update for sane-backends ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3065-1 Rating: important References: #1172524 ECO-2418 PM-2118 SLE-15560 SLE-15561 Cross-References: CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities, contains four features is now available. Description: This update for sane-backends fixes the following issues: sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues: - CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524) - CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524) - CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524) The upstream changelogs can be found here: - https://gitlab.com/sane-project/backends/-/releases/1.0.28 - https://gitlab.com/sane-project/backends/-/releases/1.0.29 - https://gitlab.com/sane-project/backends/-/releases/1.0.30 - https://gitlab.com/sane-project/backends/-/releases/1.0.31 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3065=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3065=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3065=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3065=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): sane-backends-32bit-1.0.31-6.3.2 sane-backends-32bit-debuginfo-1.0.31-6.3.2 sane-backends-debugsource-1.0.31-6.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): sane-backends-32bit-1.0.31-6.3.2 sane-backends-32bit-debuginfo-1.0.31-6.3.2 sane-backends-debugsource-1.0.31-6.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): sane-backends-1.0.31-6.3.2 sane-backends-autoconfig-1.0.31-6.3.2 sane-backends-debuginfo-1.0.31-6.3.2 sane-backends-debugsource-1.0.31-6.3.2 sane-backends-devel-1.0.31-6.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): sane-backends-1.0.31-6.3.2 sane-backends-autoconfig-1.0.31-6.3.2 sane-backends-debuginfo-1.0.31-6.3.2 sane-backends-debugsource-1.0.31-6.3.2 sane-backends-devel-1.0.31-6.3.2 References: https://www.suse.com/security/cve/CVE-2020-12861.html https://www.suse.com/security/cve/CVE-2020-12862.html https://www.suse.com/security/cve/CVE-2020-12863.html https://www.suse.com/security/cve/CVE-2020-12864.html https://www.suse.com/security/cve/CVE-2020-12865.html https://www.suse.com/security/cve/CVE-2020-12866.html https://www.suse.com/security/cve/CVE-2020-12867.html https://bugzilla.suse.com/1172524 From sle-security-updates at lists.suse.com Wed Oct 28 08:15:39 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:15:39 +0100 (CET) Subject: SUSE-SU-2020:3068-1: moderate: Security update for tomcat Message-ID: <20201028141539.29A32FFAB@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3068-1 Rating: moderate References: #1177582 Cross-References: CVE-2020-13943 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-3068=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.12.3 tomcat-admin-webapps-9.0.36-3.12.3 tomcat-el-3_0-api-9.0.36-3.12.3 tomcat-jsp-2_3-api-9.0.36-3.12.3 tomcat-lib-9.0.36-3.12.3 tomcat-servlet-4_0-api-9.0.36-3.12.3 tomcat-webapps-9.0.36-3.12.3 References: https://www.suse.com/security/cve/CVE-2020-13943.html https://bugzilla.suse.com/1177582 From sle-security-updates at lists.suse.com Wed Oct 28 08:16:30 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:16:30 +0100 (CET) Subject: SUSE-SU-2020:3069-1: moderate: Security update for tomcat Message-ID: <20201028141630.8DF50FFAB@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3069-1 Rating: moderate References: #1177582 Cross-References: CVE-2020-13943 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-3069=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.47.3 tomcat-admin-webapps-9.0.36-4.47.3 tomcat-el-3_0-api-9.0.36-4.47.3 tomcat-jsp-2_3-api-9.0.36-4.47.3 tomcat-lib-9.0.36-4.47.3 tomcat-servlet-4_0-api-9.0.36-4.47.3 tomcat-webapps-9.0.36-4.47.3 References: https://www.suse.com/security/cve/CVE-2020-13943.html https://bugzilla.suse.com/1177582 From sle-security-updates at lists.suse.com Wed Oct 28 08:17:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:17:23 +0100 (CET) Subject: SUSE-SU-2020:3067-1: important: Security update for apache2 Message-ID: <20201028141723.35C72FFAB@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3067-1 Rating: important References: #1175070 #1175071 #1178074 Cross-References: CVE-2020-11993 CVE-2020-9490 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following issues: - Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update. (bsc#1178074) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3067=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3067=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3067=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3067=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3067=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-3.41.1 apache2-debuginfo-2.4.33-3.41.1 apache2-debugsource-2.4.33-3.41.1 apache2-devel-2.4.33-3.41.1 apache2-prefork-2.4.33-3.41.1 apache2-prefork-debuginfo-2.4.33-3.41.1 apache2-utils-2.4.33-3.41.1 apache2-utils-debuginfo-2.4.33-3.41.1 apache2-worker-2.4.33-3.41.1 apache2-worker-debuginfo-2.4.33-3.41.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-3.41.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-3.41.1 apache2-debuginfo-2.4.33-3.41.1 apache2-debugsource-2.4.33-3.41.1 apache2-devel-2.4.33-3.41.1 apache2-prefork-2.4.33-3.41.1 apache2-prefork-debuginfo-2.4.33-3.41.1 apache2-utils-2.4.33-3.41.1 apache2-utils-debuginfo-2.4.33-3.41.1 apache2-worker-2.4.33-3.41.1 apache2-worker-debuginfo-2.4.33-3.41.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-3.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.41.1 apache2-debuginfo-2.4.33-3.41.1 apache2-debugsource-2.4.33-3.41.1 apache2-devel-2.4.33-3.41.1 apache2-prefork-2.4.33-3.41.1 apache2-prefork-debuginfo-2.4.33-3.41.1 apache2-utils-2.4.33-3.41.1 apache2-utils-debuginfo-2.4.33-3.41.1 apache2-worker-2.4.33-3.41.1 apache2-worker-debuginfo-2.4.33-3.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): apache2-doc-2.4.33-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-3.41.1 apache2-debuginfo-2.4.33-3.41.1 apache2-debugsource-2.4.33-3.41.1 apache2-devel-2.4.33-3.41.1 apache2-prefork-2.4.33-3.41.1 apache2-prefork-debuginfo-2.4.33-3.41.1 apache2-utils-2.4.33-3.41.1 apache2-utils-debuginfo-2.4.33-3.41.1 apache2-worker-2.4.33-3.41.1 apache2-worker-debuginfo-2.4.33-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-3.41.1 apache2-debuginfo-2.4.33-3.41.1 apache2-debugsource-2.4.33-3.41.1 apache2-devel-2.4.33-3.41.1 apache2-prefork-2.4.33-3.41.1 apache2-prefork-debuginfo-2.4.33-3.41.1 apache2-utils-2.4.33-3.41.1 apache2-utils-debuginfo-2.4.33-3.41.1 apache2-worker-2.4.33-3.41.1 apache2-worker-debuginfo-2.4.33-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-3.41.1 References: https://www.suse.com/security/cve/CVE-2020-11993.html https://www.suse.com/security/cve/CVE-2020-9490.html https://bugzilla.suse.com/1175070 https://bugzilla.suse.com/1175071 https://bugzilla.suse.com/1178074 From sle-security-updates at lists.suse.com Wed Oct 28 08:19:20 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 15:19:20 +0100 (CET) Subject: SUSE-SU-2020:3071-1: moderate: Security update for spice-gtk Message-ID: <20201028141920.289BDFFAB@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3071-1 Rating: moderate References: #1177158 Cross-References: CVE-2020-14355 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-3071=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3071=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): spice-gtk-debuginfo-0.37-3.3.2 spice-gtk-debugsource-0.37-3.3.2 spice-gtk-devel-0.37-3.3.2 typelib-1_0-SpiceClientGlib-2_0-0.37-3.3.2 typelib-1_0-SpiceClientGtk-3_0-0.37-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.37-3.3.2 libspice-client-glib-2_0-8-debuginfo-0.37-3.3.2 libspice-client-glib-helper-0.37-3.3.2 libspice-client-glib-helper-debuginfo-0.37-3.3.2 libspice-client-gtk-3_0-5-0.37-3.3.2 libspice-client-gtk-3_0-5-debuginfo-0.37-3.3.2 spice-gtk-debuginfo-0.37-3.3.2 spice-gtk-debugsource-0.37-3.3.2 References: https://www.suse.com/security/cve/CVE-2020-14355.html https://bugzilla.suse.com/1177158 From sle-security-updates at lists.suse.com Wed Oct 28 14:17:58 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 28 Oct 2020 21:17:58 +0100 (CET) Subject: SUSE-SU-2020:3073-1: important: Security update for pacemaker Message-ID: <20201028201758.02FF1FFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3073-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for pacemaker fixes the following issues: - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate (bsc#1175557) - extra: remove trailing whitespace from agent code - extra: update agent boilerplate (copyright/license notices) - extra: use 4-space indents in resource agent code - extra: use ":=" where appropriate in agent code - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3073=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-3.15.1 libpacemaker3-2.0.1+20190417.13d370ca9-3.15.1 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-cli-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-debugsource-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-remote-2.0.1+20190417.13d370ca9-3.15.1 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-3.15.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Thu Oct 29 08:21:24 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:21:24 +0100 (CET) Subject: SUSE-SU-2020:3084-1: moderate: Security update for spice Message-ID: <20201029142124.1AD8AFFAB@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3084-1 Rating: moderate References: #1177158 Cross-References: CVE-2020-14355 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3084=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3084=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3084=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3084=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3084=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3084=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3084=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3084=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3084=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3084=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3084=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3084=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3084=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE OpenStack Cloud 9 (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE OpenStack Cloud 8 (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 - HPE Helion Openstack 8 (x86_64): libspice-server1-0.12.8-15.1 libspice-server1-debuginfo-0.12.8-15.1 spice-debugsource-0.12.8-15.1 References: https://www.suse.com/security/cve/CVE-2020-14355.html https://bugzilla.suse.com/1177158 From sle-security-updates at lists.suse.com Thu Oct 29 08:23:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:23:38 +0100 (CET) Subject: SUSE-SU-2020:3081-1: important: Security update for samba Message-ID: <20201029142338.B09B1FFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3081-1 Rating: important References: #1173902 #1173994 #1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). - lib/util: Do not install /usr/bin/test_util - smbd: don't log success as error - idmap_ad does not deal properly with a RFC4511 section 4.4.1 response; - winbind: Fix a memleak - idmap_ad: Pass tldap debug messages on to DEBUG() - lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE - ctdb disable/enable can fail due to race condition Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3081=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3081=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3081=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.14+git.202.344b137b75d-4.14.1 samba-ad-dc-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-debugsource-4.11.14+git.202.344b137b75d-4.14.1 samba-dsdb-modules-4.11.14+git.202.344b137b75d-4.14.1 samba-dsdb-modules-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-binding0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-devel-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-samr-devel-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-samr0-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-samr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc0-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-devel-4.11.14+git.202.344b137b75d-4.14.1 libndr-krb5pac-devel-4.11.14+git.202.344b137b75d-4.14.1 libndr-krb5pac0-4.11.14+git.202.344b137b75d-4.14.1 libndr-krb5pac0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-nbt-devel-4.11.14+git.202.344b137b75d-4.14.1 libndr-nbt0-4.11.14+git.202.344b137b75d-4.14.1 libndr-nbt0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-standard-devel-4.11.14+git.202.344b137b75d-4.14.1 libndr-standard0-4.11.14+git.202.344b137b75d-4.14.1 libndr-standard0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr0-4.11.14+git.202.344b137b75d-4.14.1 libndr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libnetapi-devel-4.11.14+git.202.344b137b75d-4.14.1 libnetapi0-4.11.14+git.202.344b137b75d-4.14.1 libnetapi0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-credentials-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-credentials0-4.11.14+git.202.344b137b75d-4.14.1 libsamba-credentials0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-errors-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-errors0-4.11.14+git.202.344b137b75d-4.14.1 libsamba-errors0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-hostconfig-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-hostconfig0-4.11.14+git.202.344b137b75d-4.14.1 libsamba-hostconfig0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-passdb-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-passdb0-4.11.14+git.202.344b137b75d-4.14.1 libsamba-passdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-policy-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-policy-python3-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-policy0-python3-4.11.14+git.202.344b137b75d-4.14.1 libsamba-policy0-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-util-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamba-util0-4.11.14+git.202.344b137b75d-4.14.1 libsamba-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamdb-devel-4.11.14+git.202.344b137b75d-4.14.1 libsamdb0-4.11.14+git.202.344b137b75d-4.14.1 libsamdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsmbclient-devel-4.11.14+git.202.344b137b75d-4.14.1 libsmbclient0-4.11.14+git.202.344b137b75d-4.14.1 libsmbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsmbconf-devel-4.11.14+git.202.344b137b75d-4.14.1 libsmbconf0-4.11.14+git.202.344b137b75d-4.14.1 libsmbconf0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsmbldap-devel-4.11.14+git.202.344b137b75d-4.14.1 libsmbldap2-4.11.14+git.202.344b137b75d-4.14.1 libsmbldap2-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libtevent-util-devel-4.11.14+git.202.344b137b75d-4.14.1 libtevent-util0-4.11.14+git.202.344b137b75d-4.14.1 libtevent-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libwbclient-devel-4.11.14+git.202.344b137b75d-4.14.1 libwbclient0-4.11.14+git.202.344b137b75d-4.14.1 libwbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-4.11.14+git.202.344b137b75d-4.14.1 samba-client-4.11.14+git.202.344b137b75d-4.14.1 samba-client-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-core-devel-4.11.14+git.202.344b137b75d-4.14.1 samba-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-debugsource-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-python3-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-python3-4.11.14+git.202.344b137b75d-4.14.1 samba-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-winbind-4.11.14+git.202.344b137b75d-4.14.1 samba-winbind-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.14+git.202.344b137b75d-4.14.1 samba-ceph-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libdcerpc0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-krb5pac0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-nbt0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr-standard0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libndr-standard0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libndr0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libndr0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libnetapi0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libnetapi0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-credentials0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-errors0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-hostconfig0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-passdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamba-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamba-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsamdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsamdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsmbconf0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsmbconf0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libsmbldap2-32bit-4.11.14+git.202.344b137b75d-4.14.1 libsmbldap2-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libtevent-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libtevent-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 libwbclient0-32bit-4.11.14+git.202.344b137b75d-4.14.1 libwbclient0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-32bit-4.11.14+git.202.344b137b75d-4.14.1 samba-libs-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-winbind-32bit-4.11.14+git.202.344b137b75d-4.14.1 samba-winbind-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.202.344b137b75d-4.14.1 ctdb-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-debuginfo-4.11.14+git.202.344b137b75d-4.14.1 samba-debugsource-4.11.14+git.202.344b137b75d-4.14.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177613 From sle-security-updates at lists.suse.com Thu Oct 29 08:24:47 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:24:47 +0100 (CET) Subject: SUSE-SU-2020:3082-1: important: Security update for samba Message-ID: <20201029142447.1AAB8FFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3082-1 Rating: important References: #1173902 #1173994 #1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3082=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3082=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3082=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.18+git.219.1d732314d96-3.20.1 libndr-krb5pac-devel-4.10.18+git.219.1d732314d96-3.20.1 libndr-nbt-devel-4.10.18+git.219.1d732314d96-3.20.1 libndr-standard-devel-4.10.18+git.219.1d732314d96-3.20.1 libsamba-util-devel-4.10.18+git.219.1d732314d96-3.20.1 libsmbclient-devel-4.10.18+git.219.1d732314d96-3.20.1 libwbclient-devel-4.10.18+git.219.1d732314d96-3.20.1 samba-core-devel-4.10.18+git.219.1d732314d96-3.20.1 samba-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-debugsource-4.10.18+git.219.1d732314d96-3.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc-binding0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc0-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libndr-krb5pac0-4.10.18+git.219.1d732314d96-3.20.1 libndr-krb5pac0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libndr-nbt0-4.10.18+git.219.1d732314d96-3.20.1 libndr-nbt0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libndr-standard0-4.10.18+git.219.1d732314d96-3.20.1 libndr-standard0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libndr0-4.10.18+git.219.1d732314d96-3.20.1 libndr0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libnetapi0-4.10.18+git.219.1d732314d96-3.20.1 libnetapi0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamba-credentials0-4.10.18+git.219.1d732314d96-3.20.1 libsamba-credentials0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamba-errors0-4.10.18+git.219.1d732314d96-3.20.1 libsamba-errors0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamba-hostconfig0-4.10.18+git.219.1d732314d96-3.20.1 libsamba-hostconfig0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamba-passdb0-4.10.18+git.219.1d732314d96-3.20.1 libsamba-passdb0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamba-util0-4.10.18+git.219.1d732314d96-3.20.1 libsamba-util0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsamdb0-4.10.18+git.219.1d732314d96-3.20.1 libsamdb0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsmbclient0-4.10.18+git.219.1d732314d96-3.20.1 libsmbclient0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsmbconf0-4.10.18+git.219.1d732314d96-3.20.1 libsmbconf0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libsmbldap2-4.10.18+git.219.1d732314d96-3.20.1 libsmbldap2-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libtevent-util0-4.10.18+git.219.1d732314d96-3.20.1 libtevent-util0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 libwbclient0-4.10.18+git.219.1d732314d96-3.20.1 libwbclient0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-4.10.18+git.219.1d732314d96-3.20.1 samba-client-4.10.18+git.219.1d732314d96-3.20.1 samba-client-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-debugsource-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-python3-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-python3-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-winbind-4.10.18+git.219.1d732314d96-3.20.1 samba-winbind-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc-binding0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libdcerpc0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-krb5pac0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-krb5pac0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-nbt0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-nbt0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-standard0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr-standard0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libndr0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libnetapi0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libnetapi0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-credentials0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-credentials0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-errors0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-errors0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-hostconfig0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-passdb0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-passdb0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-util0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamba-util0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamdb0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsamdb0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbclient0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbclient0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbconf0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbconf0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbldap2-32bit-4.10.18+git.219.1d732314d96-3.20.1 libsmbldap2-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libtevent-util0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libtevent-util0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 libwbclient0-32bit-4.10.18+git.219.1d732314d96-3.20.1 libwbclient0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-client-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-client-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-python3-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-libs-python3-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-winbind-32bit-4.10.18+git.219.1d732314d96-3.20.1 samba-winbind-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.18+git.219.1d732314d96-3.20.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.18+git.219.1d732314d96-3.20.1 ctdb-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-debuginfo-4.10.18+git.219.1d732314d96-3.20.1 samba-debugsource-4.10.18+git.219.1d732314d96-3.20.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177613 From sle-security-updates at lists.suse.com Thu Oct 29 08:25:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:25:57 +0100 (CET) Subject: SUSE-SU-2020:3083-1: important: Security update for samba Message-ID: <20201029142557.13D9AFFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3083-1 Rating: important References: #1173902 #1173994 Cross-References: CVE-2020-14318 CVE-2020-14323 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3083=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3083=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3083=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3083=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-3083=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.39.1 libdcerpc-binding0-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-4.4.2-38.39.1 libdcerpc0-32bit-4.4.2-38.39.1 libdcerpc0-4.4.2-38.39.1 libdcerpc0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc0-debuginfo-4.4.2-38.39.1 libndr-krb5pac0-32bit-4.4.2-38.39.1 libndr-krb5pac0-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-4.4.2-38.39.1 libndr-nbt0-32bit-4.4.2-38.39.1 libndr-nbt0-4.4.2-38.39.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.39.1 libndr-nbt0-debuginfo-4.4.2-38.39.1 libndr-standard0-32bit-4.4.2-38.39.1 libndr-standard0-4.4.2-38.39.1 libndr-standard0-debuginfo-32bit-4.4.2-38.39.1 libndr-standard0-debuginfo-4.4.2-38.39.1 libndr0-32bit-4.4.2-38.39.1 libndr0-4.4.2-38.39.1 libndr0-debuginfo-32bit-4.4.2-38.39.1 libndr0-debuginfo-4.4.2-38.39.1 libnetapi0-32bit-4.4.2-38.39.1 libnetapi0-4.4.2-38.39.1 libnetapi0-debuginfo-32bit-4.4.2-38.39.1 libnetapi0-debuginfo-4.4.2-38.39.1 libsamba-credentials0-32bit-4.4.2-38.39.1 libsamba-credentials0-4.4.2-38.39.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.39.1 libsamba-credentials0-debuginfo-4.4.2-38.39.1 libsamba-errors0-32bit-4.4.2-38.39.1 libsamba-errors0-4.4.2-38.39.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.39.1 libsamba-errors0-debuginfo-4.4.2-38.39.1 libsamba-hostconfig0-32bit-4.4.2-38.39.1 libsamba-hostconfig0-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-4.4.2-38.39.1 libsamba-passdb0-32bit-4.4.2-38.39.1 libsamba-passdb0-4.4.2-38.39.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.39.1 libsamba-passdb0-debuginfo-4.4.2-38.39.1 libsamba-util0-32bit-4.4.2-38.39.1 libsamba-util0-4.4.2-38.39.1 libsamba-util0-debuginfo-32bit-4.4.2-38.39.1 libsamba-util0-debuginfo-4.4.2-38.39.1 libsamdb0-32bit-4.4.2-38.39.1 libsamdb0-4.4.2-38.39.1 libsamdb0-debuginfo-32bit-4.4.2-38.39.1 libsamdb0-debuginfo-4.4.2-38.39.1 libsmbclient0-32bit-4.4.2-38.39.1 libsmbclient0-4.4.2-38.39.1 libsmbclient0-debuginfo-32bit-4.4.2-38.39.1 libsmbclient0-debuginfo-4.4.2-38.39.1 libsmbconf0-32bit-4.4.2-38.39.1 libsmbconf0-4.4.2-38.39.1 libsmbconf0-debuginfo-32bit-4.4.2-38.39.1 libsmbconf0-debuginfo-4.4.2-38.39.1 libsmbldap0-32bit-4.4.2-38.39.1 libsmbldap0-4.4.2-38.39.1 libsmbldap0-debuginfo-32bit-4.4.2-38.39.1 libsmbldap0-debuginfo-4.4.2-38.39.1 libtevent-util0-32bit-4.4.2-38.39.1 libtevent-util0-4.4.2-38.39.1 libtevent-util0-debuginfo-32bit-4.4.2-38.39.1 libtevent-util0-debuginfo-4.4.2-38.39.1 libwbclient0-32bit-4.4.2-38.39.1 libwbclient0-4.4.2-38.39.1 libwbclient0-debuginfo-32bit-4.4.2-38.39.1 libwbclient0-debuginfo-4.4.2-38.39.1 samba-4.4.2-38.39.1 samba-client-32bit-4.4.2-38.39.1 samba-client-4.4.2-38.39.1 samba-client-debuginfo-32bit-4.4.2-38.39.1 samba-client-debuginfo-4.4.2-38.39.1 samba-debuginfo-4.4.2-38.39.1 samba-debugsource-4.4.2-38.39.1 samba-libs-32bit-4.4.2-38.39.1 samba-libs-4.4.2-38.39.1 samba-libs-debuginfo-32bit-4.4.2-38.39.1 samba-libs-debuginfo-4.4.2-38.39.1 samba-winbind-32bit-4.4.2-38.39.1 samba-winbind-4.4.2-38.39.1 samba-winbind-debuginfo-32bit-4.4.2-38.39.1 samba-winbind-debuginfo-4.4.2-38.39.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-4.4.2-38.39.1 libdcerpc0-4.4.2-38.39.1 libdcerpc0-debuginfo-4.4.2-38.39.1 libndr-krb5pac0-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-4.4.2-38.39.1 libndr-nbt0-4.4.2-38.39.1 libndr-nbt0-debuginfo-4.4.2-38.39.1 libndr-standard0-4.4.2-38.39.1 libndr-standard0-debuginfo-4.4.2-38.39.1 libndr0-4.4.2-38.39.1 libndr0-debuginfo-4.4.2-38.39.1 libnetapi0-4.4.2-38.39.1 libnetapi0-debuginfo-4.4.2-38.39.1 libsamba-credentials0-4.4.2-38.39.1 libsamba-credentials0-debuginfo-4.4.2-38.39.1 libsamba-errors0-4.4.2-38.39.1 libsamba-errors0-debuginfo-4.4.2-38.39.1 libsamba-hostconfig0-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-4.4.2-38.39.1 libsamba-passdb0-4.4.2-38.39.1 libsamba-passdb0-debuginfo-4.4.2-38.39.1 libsamba-util0-4.4.2-38.39.1 libsamba-util0-debuginfo-4.4.2-38.39.1 libsamdb0-4.4.2-38.39.1 libsamdb0-debuginfo-4.4.2-38.39.1 libsmbclient0-4.4.2-38.39.1 libsmbclient0-debuginfo-4.4.2-38.39.1 libsmbconf0-4.4.2-38.39.1 libsmbconf0-debuginfo-4.4.2-38.39.1 libsmbldap0-4.4.2-38.39.1 libsmbldap0-debuginfo-4.4.2-38.39.1 libtevent-util0-4.4.2-38.39.1 libtevent-util0-debuginfo-4.4.2-38.39.1 libwbclient0-4.4.2-38.39.1 libwbclient0-debuginfo-4.4.2-38.39.1 samba-4.4.2-38.39.1 samba-client-4.4.2-38.39.1 samba-client-debuginfo-4.4.2-38.39.1 samba-debuginfo-4.4.2-38.39.1 samba-debugsource-4.4.2-38.39.1 samba-libs-4.4.2-38.39.1 samba-libs-debuginfo-4.4.2-38.39.1 samba-winbind-4.4.2-38.39.1 samba-winbind-debuginfo-4.4.2-38.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc0-32bit-4.4.2-38.39.1 libdcerpc0-debuginfo-32bit-4.4.2-38.39.1 libndr-krb5pac0-32bit-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.39.1 libndr-nbt0-32bit-4.4.2-38.39.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.39.1 libndr-standard0-32bit-4.4.2-38.39.1 libndr-standard0-debuginfo-32bit-4.4.2-38.39.1 libndr0-32bit-4.4.2-38.39.1 libndr0-debuginfo-32bit-4.4.2-38.39.1 libnetapi0-32bit-4.4.2-38.39.1 libnetapi0-debuginfo-32bit-4.4.2-38.39.1 libsamba-credentials0-32bit-4.4.2-38.39.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.39.1 libsamba-errors0-32bit-4.4.2-38.39.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.39.1 libsamba-hostconfig0-32bit-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.39.1 libsamba-passdb0-32bit-4.4.2-38.39.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.39.1 libsamba-util0-32bit-4.4.2-38.39.1 libsamba-util0-debuginfo-32bit-4.4.2-38.39.1 libsamdb0-32bit-4.4.2-38.39.1 libsamdb0-debuginfo-32bit-4.4.2-38.39.1 libsmbclient0-32bit-4.4.2-38.39.1 libsmbclient0-debuginfo-32bit-4.4.2-38.39.1 libsmbconf0-32bit-4.4.2-38.39.1 libsmbconf0-debuginfo-32bit-4.4.2-38.39.1 libsmbldap0-32bit-4.4.2-38.39.1 libsmbldap0-debuginfo-32bit-4.4.2-38.39.1 libtevent-util0-32bit-4.4.2-38.39.1 libtevent-util0-debuginfo-32bit-4.4.2-38.39.1 libwbclient0-32bit-4.4.2-38.39.1 libwbclient0-debuginfo-32bit-4.4.2-38.39.1 samba-client-32bit-4.4.2-38.39.1 samba-client-debuginfo-32bit-4.4.2-38.39.1 samba-libs-32bit-4.4.2-38.39.1 samba-libs-debuginfo-32bit-4.4.2-38.39.1 samba-winbind-32bit-4.4.2-38.39.1 samba-winbind-debuginfo-32bit-4.4.2-38.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-4.4.2-38.39.1 libdcerpc0-4.4.2-38.39.1 libdcerpc0-debuginfo-4.4.2-38.39.1 libndr-krb5pac0-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-4.4.2-38.39.1 libndr-nbt0-4.4.2-38.39.1 libndr-nbt0-debuginfo-4.4.2-38.39.1 libndr-standard0-4.4.2-38.39.1 libndr-standard0-debuginfo-4.4.2-38.39.1 libndr0-4.4.2-38.39.1 libndr0-debuginfo-4.4.2-38.39.1 libnetapi0-4.4.2-38.39.1 libnetapi0-debuginfo-4.4.2-38.39.1 libsamba-credentials0-4.4.2-38.39.1 libsamba-credentials0-debuginfo-4.4.2-38.39.1 libsamba-errors0-4.4.2-38.39.1 libsamba-errors0-debuginfo-4.4.2-38.39.1 libsamba-hostconfig0-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-4.4.2-38.39.1 libsamba-passdb0-4.4.2-38.39.1 libsamba-passdb0-debuginfo-4.4.2-38.39.1 libsamba-util0-4.4.2-38.39.1 libsamba-util0-debuginfo-4.4.2-38.39.1 libsamdb0-4.4.2-38.39.1 libsamdb0-debuginfo-4.4.2-38.39.1 libsmbclient0-4.4.2-38.39.1 libsmbclient0-debuginfo-4.4.2-38.39.1 libsmbconf0-4.4.2-38.39.1 libsmbconf0-debuginfo-4.4.2-38.39.1 libsmbldap0-4.4.2-38.39.1 libsmbldap0-debuginfo-4.4.2-38.39.1 libtevent-util0-4.4.2-38.39.1 libtevent-util0-debuginfo-4.4.2-38.39.1 libwbclient0-4.4.2-38.39.1 libwbclient0-debuginfo-4.4.2-38.39.1 samba-4.4.2-38.39.1 samba-client-4.4.2-38.39.1 samba-client-debuginfo-4.4.2-38.39.1 samba-debuginfo-4.4.2-38.39.1 samba-debugsource-4.4.2-38.39.1 samba-libs-4.4.2-38.39.1 samba-libs-debuginfo-4.4.2-38.39.1 samba-winbind-4.4.2-38.39.1 samba-winbind-debuginfo-4.4.2-38.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc0-32bit-4.4.2-38.39.1 libdcerpc0-debuginfo-32bit-4.4.2-38.39.1 libndr-krb5pac0-32bit-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.39.1 libndr-nbt0-32bit-4.4.2-38.39.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.39.1 libndr-standard0-32bit-4.4.2-38.39.1 libndr-standard0-debuginfo-32bit-4.4.2-38.39.1 libndr0-32bit-4.4.2-38.39.1 libndr0-debuginfo-32bit-4.4.2-38.39.1 libnetapi0-32bit-4.4.2-38.39.1 libnetapi0-debuginfo-32bit-4.4.2-38.39.1 libsamba-credentials0-32bit-4.4.2-38.39.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.39.1 libsamba-errors0-32bit-4.4.2-38.39.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.39.1 libsamba-hostconfig0-32bit-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.39.1 libsamba-passdb0-32bit-4.4.2-38.39.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.39.1 libsamba-util0-32bit-4.4.2-38.39.1 libsamba-util0-debuginfo-32bit-4.4.2-38.39.1 libsamdb0-32bit-4.4.2-38.39.1 libsamdb0-debuginfo-32bit-4.4.2-38.39.1 libsmbclient0-32bit-4.4.2-38.39.1 libsmbclient0-debuginfo-32bit-4.4.2-38.39.1 libsmbconf0-32bit-4.4.2-38.39.1 libsmbconf0-debuginfo-32bit-4.4.2-38.39.1 libsmbldap0-32bit-4.4.2-38.39.1 libsmbldap0-debuginfo-32bit-4.4.2-38.39.1 libtevent-util0-32bit-4.4.2-38.39.1 libtevent-util0-debuginfo-32bit-4.4.2-38.39.1 libwbclient0-32bit-4.4.2-38.39.1 libwbclient0-debuginfo-32bit-4.4.2-38.39.1 samba-client-32bit-4.4.2-38.39.1 samba-client-debuginfo-32bit-4.4.2-38.39.1 samba-libs-32bit-4.4.2-38.39.1 samba-libs-debuginfo-32bit-4.4.2-38.39.1 samba-winbind-32bit-4.4.2-38.39.1 samba-winbind-debuginfo-32bit-4.4.2-38.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.39.1 libdcerpc-binding0-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc-binding0-debuginfo-4.4.2-38.39.1 libdcerpc0-32bit-4.4.2-38.39.1 libdcerpc0-4.4.2-38.39.1 libdcerpc0-debuginfo-32bit-4.4.2-38.39.1 libdcerpc0-debuginfo-4.4.2-38.39.1 libndr-krb5pac0-32bit-4.4.2-38.39.1 libndr-krb5pac0-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.39.1 libndr-krb5pac0-debuginfo-4.4.2-38.39.1 libndr-nbt0-32bit-4.4.2-38.39.1 libndr-nbt0-4.4.2-38.39.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.39.1 libndr-nbt0-debuginfo-4.4.2-38.39.1 libndr-standard0-32bit-4.4.2-38.39.1 libndr-standard0-4.4.2-38.39.1 libndr-standard0-debuginfo-32bit-4.4.2-38.39.1 libndr-standard0-debuginfo-4.4.2-38.39.1 libndr0-32bit-4.4.2-38.39.1 libndr0-4.4.2-38.39.1 libndr0-debuginfo-32bit-4.4.2-38.39.1 libndr0-debuginfo-4.4.2-38.39.1 libnetapi0-32bit-4.4.2-38.39.1 libnetapi0-4.4.2-38.39.1 libnetapi0-debuginfo-32bit-4.4.2-38.39.1 libnetapi0-debuginfo-4.4.2-38.39.1 libsamba-credentials0-32bit-4.4.2-38.39.1 libsamba-credentials0-4.4.2-38.39.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.39.1 libsamba-credentials0-debuginfo-4.4.2-38.39.1 libsamba-errors0-32bit-4.4.2-38.39.1 libsamba-errors0-4.4.2-38.39.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.39.1 libsamba-errors0-debuginfo-4.4.2-38.39.1 libsamba-hostconfig0-32bit-4.4.2-38.39.1 libsamba-hostconfig0-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.39.1 libsamba-hostconfig0-debuginfo-4.4.2-38.39.1 libsamba-passdb0-32bit-4.4.2-38.39.1 libsamba-passdb0-4.4.2-38.39.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.39.1 libsamba-passdb0-debuginfo-4.4.2-38.39.1 libsamba-util0-32bit-4.4.2-38.39.1 libsamba-util0-4.4.2-38.39.1 libsamba-util0-debuginfo-32bit-4.4.2-38.39.1 libsamba-util0-debuginfo-4.4.2-38.39.1 libsamdb0-32bit-4.4.2-38.39.1 libsamdb0-4.4.2-38.39.1 libsamdb0-debuginfo-32bit-4.4.2-38.39.1 libsamdb0-debuginfo-4.4.2-38.39.1 libsmbclient0-32bit-4.4.2-38.39.1 libsmbclient0-4.4.2-38.39.1 libsmbclient0-debuginfo-32bit-4.4.2-38.39.1 libsmbclient0-debuginfo-4.4.2-38.39.1 libsmbconf0-32bit-4.4.2-38.39.1 libsmbconf0-4.4.2-38.39.1 libsmbconf0-debuginfo-32bit-4.4.2-38.39.1 libsmbconf0-debuginfo-4.4.2-38.39.1 libsmbldap0-32bit-4.4.2-38.39.1 libsmbldap0-4.4.2-38.39.1 libsmbldap0-debuginfo-32bit-4.4.2-38.39.1 libsmbldap0-debuginfo-4.4.2-38.39.1 libtevent-util0-32bit-4.4.2-38.39.1 libtevent-util0-4.4.2-38.39.1 libtevent-util0-debuginfo-32bit-4.4.2-38.39.1 libtevent-util0-debuginfo-4.4.2-38.39.1 libwbclient0-32bit-4.4.2-38.39.1 libwbclient0-4.4.2-38.39.1 libwbclient0-debuginfo-32bit-4.4.2-38.39.1 libwbclient0-debuginfo-4.4.2-38.39.1 samba-4.4.2-38.39.1 samba-client-32bit-4.4.2-38.39.1 samba-client-4.4.2-38.39.1 samba-client-debuginfo-32bit-4.4.2-38.39.1 samba-client-debuginfo-4.4.2-38.39.1 samba-debuginfo-4.4.2-38.39.1 samba-debugsource-4.4.2-38.39.1 samba-libs-32bit-4.4.2-38.39.1 samba-libs-4.4.2-38.39.1 samba-libs-debuginfo-32bit-4.4.2-38.39.1 samba-libs-debuginfo-4.4.2-38.39.1 samba-winbind-32bit-4.4.2-38.39.1 samba-winbind-4.4.2-38.39.1 samba-winbind-debuginfo-32bit-4.4.2-38.39.1 samba-winbind-debuginfo-4.4.2-38.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.39.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.39.1 ctdb-debuginfo-4.4.2-38.39.1 samba-debuginfo-4.4.2-38.39.1 samba-debugsource-4.4.2-38.39.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 From sle-security-updates at lists.suse.com Thu Oct 29 08:29:09 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:29:09 +0100 (CET) Subject: SUSE-SU-2020:3085-1: moderate: Security update for spice-gtk Message-ID: <20201029142909.35219FFAB@maintenance.suse.de> SUSE Security Update: Security update for spice-gtk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3085-1 Rating: moderate References: #1177158 Cross-References: CVE-2020-14355 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3085=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3085=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3085=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3085=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3085=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3085=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3085=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3085=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3085=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3085=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3085=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3085=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3085=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE OpenStack Cloud 9 (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE OpenStack Cloud 8 (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 spice-gtk-devel-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 - HPE Helion Openstack 8 (x86_64): libspice-client-glib-2_0-8-0.33-3.9.1 libspice-client-glib-2_0-8-debuginfo-0.33-3.9.1 libspice-client-glib-helper-0.33-3.9.1 libspice-client-glib-helper-debuginfo-0.33-3.9.1 libspice-client-gtk-3_0-5-0.33-3.9.1 libspice-client-gtk-3_0-5-debuginfo-0.33-3.9.1 libspice-controller0-0.33-3.9.1 libspice-controller0-debuginfo-0.33-3.9.1 spice-gtk-debuginfo-0.33-3.9.1 spice-gtk-debugsource-0.33-3.9.1 typelib-1_0-SpiceClientGlib-2_0-0.33-3.9.1 typelib-1_0-SpiceClientGtk-3_0-0.33-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14355.html https://bugzilla.suse.com/1177158 From sle-security-updates at lists.suse.com Thu Oct 29 08:30:11 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 15:30:11 +0100 (CET) Subject: SUSE-SU-2020:3080-1: important: Security update for pacemaker Message-ID: <20201029143011.E7FA5FFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3080-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-3080=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.27.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.27.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.27.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.27.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.27.1 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Thu Oct 29 11:14:59 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 18:14:59 +0100 (CET) Subject: SUSE-SU-2020:3087-1: important: Security update for samba Message-ID: <20201029171459.DE139FFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3087-1 Rating: important References: #1173902 #1173994 #1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3087=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3087=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3087=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3087=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-3087=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libdcerpc-binding0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-core-devel-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-core-devel-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-core-devel-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-samr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-policy0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-core-devel-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libdcerpc0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr-standard0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libndr0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libnetapi0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamba-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsamdb0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbconf0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libsmbldap2-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libtevent-util0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 libwbclient0-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-client-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-libs-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-4.7.11+git.280.25dfd9a947d-4.51.1 samba-winbind-32bit-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.280.25dfd9a947d-4.51.1 ctdb-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1 samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177613 From sle-security-updates at lists.suse.com Thu Oct 29 11:16:08 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 18:16:08 +0100 (CET) Subject: SUSE-SU-2020:3086-1: important: Security update for pacemaker Message-ID: <20201029171608.2ED56FFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3086-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3086=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3086=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cts-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cts-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-debugsource-1.1.23+20200622.28dd98fad-3.9.2 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.23+20200622.28dd98fad-3.9.2 libpacemaker3-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cli-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cli-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cts-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-cts-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-debugsource-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-remote-1.1.23+20200622.28dd98fad-3.9.2 pacemaker-remote-debuginfo-1.1.23+20200622.28dd98fad-3.9.2 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Thu Oct 29 11:17:21 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 18:17:21 +0100 (CET) Subject: SUSE-SU-2020:3089-1: important: Security update for pacemaker Message-ID: <20201029171721.E12E5FFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3089-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-3089=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.22.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.22.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.22.1 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Thu Oct 29 11:18:37 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 18:18:37 +0100 (CET) Subject: SUSE-SU-2020:3088-1: important: Security update for xen Message-ID: <20201029171837.DD4B8FFAB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3088-1 Rating: important References: #1177409 #1177412 #1177413 #1177414 Cross-References: CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3088=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3088=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3088=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3088=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_10-2.39.2 xen-debugsource-4.11.4_10-2.39.2 xen-doc-html-4.11.4_10-2.39.2 xen-libs-32bit-4.11.4_10-2.39.2 xen-libs-4.11.4_10-2.39.2 xen-libs-debuginfo-32bit-4.11.4_10-2.39.2 xen-libs-debuginfo-4.11.4_10-2.39.2 xen-tools-4.11.4_10-2.39.2 xen-tools-debuginfo-4.11.4_10-2.39.2 xen-tools-domU-4.11.4_10-2.39.2 xen-tools-domU-debuginfo-4.11.4_10-2.39.2 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_10-2.39.2 xen-debugsource-4.11.4_10-2.39.2 xen-doc-html-4.11.4_10-2.39.2 xen-libs-32bit-4.11.4_10-2.39.2 xen-libs-4.11.4_10-2.39.2 xen-libs-debuginfo-32bit-4.11.4_10-2.39.2 xen-libs-debuginfo-4.11.4_10-2.39.2 xen-tools-4.11.4_10-2.39.2 xen-tools-debuginfo-4.11.4_10-2.39.2 xen-tools-domU-4.11.4_10-2.39.2 xen-tools-domU-debuginfo-4.11.4_10-2.39.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_10-2.39.2 xen-debugsource-4.11.4_10-2.39.2 xen-doc-html-4.11.4_10-2.39.2 xen-libs-32bit-4.11.4_10-2.39.2 xen-libs-4.11.4_10-2.39.2 xen-libs-debuginfo-32bit-4.11.4_10-2.39.2 xen-libs-debuginfo-4.11.4_10-2.39.2 xen-tools-4.11.4_10-2.39.2 xen-tools-debuginfo-4.11.4_10-2.39.2 xen-tools-domU-4.11.4_10-2.39.2 xen-tools-domU-debuginfo-4.11.4_10-2.39.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_10-2.39.2 xen-debugsource-4.11.4_10-2.39.2 xen-doc-html-4.11.4_10-2.39.2 xen-libs-32bit-4.11.4_10-2.39.2 xen-libs-4.11.4_10-2.39.2 xen-libs-debuginfo-32bit-4.11.4_10-2.39.2 xen-libs-debuginfo-4.11.4_10-2.39.2 xen-tools-4.11.4_10-2.39.2 xen-tools-debuginfo-4.11.4_10-2.39.2 xen-tools-domU-4.11.4_10-2.39.2 xen-tools-domU-debuginfo-4.11.4_10-2.39.2 References: https://www.suse.com/security/cve/CVE-2020-27670.html https://www.suse.com/security/cve/CVE-2020-27671.html https://www.suse.com/security/cve/CVE-2020-27672.html https://www.suse.com/security/cve/CVE-2020-27673.html https://bugzilla.suse.com/1177409 https://bugzilla.suse.com/1177412 https://bugzilla.suse.com/1177413 https://bugzilla.suse.com/1177414 From sle-security-updates at lists.suse.com Thu Oct 29 11:19:53 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 18:19:53 +0100 (CET) Subject: SUSE-SU-2020:3090-1: Security update for graphviz Message-ID: <20201029171953.11071FFAB@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3090-1 Rating: low References: #1093447 Cross-References: CVE-2018-10196 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3090=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3090=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-3090=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-3090=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-3090=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): graphviz-debuginfo-2.28.0-29.3.8 graphviz-debugsource-2.28.0-29.3.8 graphviz-devel-2.28.0-29.3.8 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): graphviz-2.28.0-29.3.8 graphviz-debuginfo-2.28.0-29.3.8 graphviz-debugsource-2.28.0-29.3.8 graphviz-gd-2.28.0-29.3.17 graphviz-gd-debuginfo-2.28.0-29.3.17 graphviz-gnome-2.28.0-29.3.17 graphviz-gnome-debuginfo-2.28.0-29.3.17 graphviz-plugins-debugsource-2.28.0-29.3.17 graphviz-tcl-2.28.0-29.3.17 graphviz-tcl-debuginfo-2.28.0-29.3.17 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.3.17 graphviz-python-2.28.0-29.3.17 graphviz-python-debuginfo-2.28.0-29.3.17 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.3.17 graphviz-python-2.28.0-29.3.17 graphviz-python-debuginfo-2.28.0-29.3.17 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): graphviz-plugins-debugsource-2.28.0-29.3.17 graphviz-python-2.28.0-29.3.17 graphviz-python-debuginfo-2.28.0-29.3.17 References: https://www.suse.com/security/cve/CVE-2018-10196.html https://bugzilla.suse.com/1093447 From sle-security-updates at lists.suse.com Thu Oct 29 14:15:17 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:15:17 +0100 (CET) Subject: SUSE-SU-2020:1396-3: moderate: Security update for zstd Message-ID: <20201029201517.1F55FFFAC@maintenance.suse.de> SUSE Security Update: Security update for zstd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1396-3 Rating: moderate References: #1082318 #1133297 ECO-1886 Affected Products: SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-1396=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2020-1396=1 Package List: - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzstd1-1.4.4-1.3.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzstd1-1.4.4-1.3.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1133297 From sle-security-updates at lists.suse.com Thu Oct 29 14:16:20 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:16:20 +0100 (CET) Subject: SUSE-SU-2020:3095-1: important: Security update for libvirt Message-ID: <20201029201620.708F3FFAB@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3095-1 Rating: important References: #1174955 #1177155 Cross-References: CVE-2020-15708 CVE-2020-25637 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvirt fixes the following issues: CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3095=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3095=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3095=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3095=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3095=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3095=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3095=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE OpenStack Cloud 8 (x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 - SUSE Enterprise Storage 5 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 - HPE Helion Openstack 8 (x86_64): libvirt-3.3.0-5.46.1 libvirt-admin-3.3.0-5.46.1 libvirt-admin-debuginfo-3.3.0-5.46.1 libvirt-client-3.3.0-5.46.1 libvirt-client-debuginfo-3.3.0-5.46.1 libvirt-daemon-3.3.0-5.46.1 libvirt-daemon-config-network-3.3.0-5.46.1 libvirt-daemon-config-nwfilter-3.3.0-5.46.1 libvirt-daemon-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-interface-3.3.0-5.46.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-libxl-3.3.0-5.46.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-lxc-3.3.0-5.46.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-network-3.3.0-5.46.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-3.3.0-5.46.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-3.3.0-5.46.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-qemu-3.3.0-5.46.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-secret-3.3.0-5.46.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-3.3.0-5.46.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-3.3.0-5.46.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-3.3.0-5.46.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.46.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.46.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.46.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.46.1 libvirt-daemon-hooks-3.3.0-5.46.1 libvirt-daemon-lxc-3.3.0-5.46.1 libvirt-daemon-qemu-3.3.0-5.46.1 libvirt-daemon-xen-3.3.0-5.46.1 libvirt-debugsource-3.3.0-5.46.1 libvirt-doc-3.3.0-5.46.1 libvirt-libs-3.3.0-5.46.1 libvirt-libs-debuginfo-3.3.0-5.46.1 libvirt-lock-sanlock-3.3.0-5.46.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.46.1 libvirt-nss-3.3.0-5.46.1 libvirt-nss-debuginfo-3.3.0-5.46.1 References: https://www.suse.com/security/cve/CVE-2020-15708.html https://www.suse.com/security/cve/CVE-2020-25637.html https://bugzilla.suse.com/1174955 https://bugzilla.suse.com/1177155 From sle-security-updates at lists.suse.com Thu Oct 29 14:17:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:17:25 +0100 (CET) Subject: SUSE-SU-2020:3091-1: important: Security update for MozillaThunderbird and mozilla-nspr Message-ID: <20201029201725.786DAFFAB@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird and mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3091-1 Rating: important References: #1174230 #1176384 #1176756 #1176899 #1177977 Cross-References: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15969 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3091=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3091=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3091=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3091=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.4.0-3.99.1 MozillaThunderbird-debuginfo-78.4.0-3.99.1 MozillaThunderbird-debugsource-78.4.0-3.99.1 MozillaThunderbird-translations-common-78.4.0-3.99.1 MozillaThunderbird-translations-other-78.4.0-3.99.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-78.4.0-3.99.1 MozillaThunderbird-debuginfo-78.4.0-3.99.1 MozillaThunderbird-debugsource-78.4.0-3.99.1 MozillaThunderbird-translations-common-78.4.0-3.99.1 MozillaThunderbird-translations-other-78.4.0-3.99.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.25.1-3.15.2 mozilla-nspr-debuginfo-4.25.1-3.15.2 mozilla-nspr-debugsource-4.25.1-3.15.2 mozilla-nspr-devel-4.25.1-3.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): mozilla-nspr-32bit-4.25.1-3.15.2 mozilla-nspr-32bit-debuginfo-4.25.1-3.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): mozilla-nspr-4.25.1-3.15.2 mozilla-nspr-debuginfo-4.25.1-3.15.2 mozilla-nspr-debugsource-4.25.1-3.15.2 mozilla-nspr-devel-4.25.1-3.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): mozilla-nspr-32bit-4.25.1-3.15.2 mozilla-nspr-32bit-debuginfo-4.25.1-3.15.2 References: https://www.suse.com/security/cve/CVE-2020-15673.html https://www.suse.com/security/cve/CVE-2020-15676.html https://www.suse.com/security/cve/CVE-2020-15677.html https://www.suse.com/security/cve/CVE-2020-15678.html https://www.suse.com/security/cve/CVE-2020-15683.html https://www.suse.com/security/cve/CVE-2020-15969.html https://bugzilla.suse.com/1174230 https://bugzilla.suse.com/1176384 https://bugzilla.suse.com/1176756 https://bugzilla.suse.com/1176899 https://bugzilla.suse.com/1177977 From sle-security-updates at lists.suse.com Thu Oct 29 14:18:43 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:18:43 +0100 (CET) Subject: SUSE-SU-2020:3096-1: important: Security update for python-Jinja2 Message-ID: <20201029201843.5049EFFAB@maintenance.suse.de> SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3096-1 Rating: important References: #1125815 #1132323 Cross-References: CVE-2019-10906 CVE-2019-8341 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed a command injection in function from_string (bsc#1125815). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-3096=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3096=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-3096=1 Package List: - SUSE Manager Tools 12 (noarch): python-Jinja2-2.8-19.20.1 python3-Jinja2-2.8-19.20.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.8-19.20.1 python3-Jinja2-2.8-19.20.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-Jinja2-2.8-19.20.1 python3-Jinja2-2.8-19.20.1 References: https://www.suse.com/security/cve/CVE-2019-10906.html https://www.suse.com/security/cve/CVE-2019-8341.html https://bugzilla.suse.com/1125815 https://bugzilla.suse.com/1132323 From sle-security-updates at lists.suse.com Thu Oct 29 14:19:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:19:50 +0100 (CET) Subject: SUSE-SU-2020:3093-1: important: Security update for samba Message-ID: <20201029201950.09B20FFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3093-1 Rating: important References: #1173902 #1173994 #1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3093=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3093=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3093=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3093=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3093=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3093=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3093=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3093=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3093=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-3093=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-3093=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-3093=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-3093=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.248.c833312e640-3.58.1 ctdb-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.248.c833312e640-3.58.1 ctdb-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.248.c833312e640-3.58.1 ctdb-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-ceph-4.6.16+git.248.c833312e640-3.58.1 samba-ceph-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 - SUSE Enterprise Storage 5 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - SUSE Enterprise Storage 5 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.248.c833312e640-3.58.1 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-4.6.16+git.248.c833312e640-3.58.1 samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-debugsource-4.6.16+git.248.c833312e640-3.58.1 samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1 samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177613 From sle-security-updates at lists.suse.com Thu Oct 29 14:20:59 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:20:59 +0100 (CET) Subject: SUSE-SU-2020:3094-1: important: Security update for pacemaker Message-ID: <20201029202059.60803FFAB@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3094-1 Rating: important References: #1167171 #1173668 #1175557 #1177916 Cross-References: CVE-2020-25654 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-3094=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpacemaker3-1.1.16-6.23.1 libpacemaker3-debuginfo-1.1.16-6.23.1 pacemaker-1.1.16-6.23.1 pacemaker-cli-1.1.16-6.23.1 pacemaker-cli-debuginfo-1.1.16-6.23.1 pacemaker-cts-1.1.16-6.23.1 pacemaker-cts-debuginfo-1.1.16-6.23.1 pacemaker-debuginfo-1.1.16-6.23.1 pacemaker-debugsource-1.1.16-6.23.1 pacemaker-remote-1.1.16-6.23.1 pacemaker-remote-debuginfo-1.1.16-6.23.1 References: https://www.suse.com/security/cve/CVE-2020-25654.html https://bugzilla.suse.com/1167171 https://bugzilla.suse.com/1173668 https://bugzilla.suse.com/1175557 https://bugzilla.suse.com/1177916 From sle-security-updates at lists.suse.com Thu Oct 29 14:22:14 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 29 Oct 2020 21:22:14 +0100 (CET) Subject: SUSE-SU-2020:3092-1: important: Security update for samba Message-ID: <20201029202214.5072AFFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3092-1 Rating: important References: #1173902 #1173994 #1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3092=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3092=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3092=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-3092=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-policy0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-ad-dc-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-ad-dc-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-dsdb-modules-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-dsdb-modules-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-python-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-python-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-binding0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-samr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-samr0-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-samr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc0-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-krb5pac-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-krb5pac0-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-krb5pac0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-nbt-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-nbt0-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-nbt0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-standard-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-standard0-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-standard0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr0-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libnetapi-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libnetapi0-4.9.5+git.383.7b7f8f14df8-3.47.1 libnetapi0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-credentials-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-credentials0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-credentials0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-errors-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-errors0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-errors0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-hostconfig-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-hostconfig0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-hostconfig0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-passdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-passdb0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-passdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-policy-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-policy-python3-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-policy0-python3-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-policy0-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-util0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamdb0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbconf-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbconf0-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbconf0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbldap-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbldap2-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbldap2-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libtevent-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libtevent-util0-4.9.5+git.383.7b7f8f14df8-3.47.1 libtevent-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libwbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 libwbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1 libwbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-client-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-client-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-core-devel-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-python3-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-python3-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-winbind-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-winbind-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libdcerpc0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-krb5pac0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-nbt0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-standard0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr-standard0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libndr0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libnetapi0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libnetapi0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-credentials0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-errors0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-hostconfig0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-passdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamba-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsamdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbconf0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbconf0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbldap2-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libsmbldap2-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libtevent-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libtevent-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 libwbclient0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 libwbclient0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-libs-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-winbind-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-winbind-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.383.7b7f8f14df8-3.47.1 ctdb-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-ceph-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1 samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177613 From sle-security-updates at lists.suse.com Fri Oct 30 08:14:42 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 30 Oct 2020 15:14:42 +0100 (CET) Subject: SUSE-SU-2020:3107-1: Security update for liblouis Message-ID: <20201030141442.DAAB0FFA8@maintenance.suse.de> SUSE Security Update: Security update for liblouis ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3107-1 Rating: low References: #1109319 Cross-References: CVE-2018-17294 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for liblouis, python-luis and python3-louis fixes the following issue: Security issue fixed: - CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3107=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3107=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): liblouis-debugsource-2.6.4-6.9.24 liblouis-devel-2.6.4-6.9.24 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): liblouis-data-2.6.4-6.9.24 liblouis-debugsource-2.6.4-6.9.24 liblouis9-2.6.4-6.9.24 liblouis9-debuginfo-2.6.4-6.9.24 python-louis-2.6.4-6.9.39 python3-louis-2.6.4-6.9.41 References: https://www.suse.com/security/cve/CVE-2018-17294.html https://bugzilla.suse.com/1109319 From sle-security-updates at lists.suse.com Fri Oct 30 08:16:32 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 30 Oct 2020 15:16:32 +0100 (CET) Subject: SUSE-SU-2020:14524-1: Security update for graphviz Message-ID: <20201030141632.1AC8CFFA8@maintenance.suse.de> SUSE Security Update: Security update for graphviz ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14524-1 Rating: low References: #1093447 Cross-References: CVE-2018-10196 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-graphviz-14524=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64): graphviz-python-2.20.2-8.3.6 References: https://www.suse.com/security/cve/CVE-2018-10196.html https://bugzilla.suse.com/1093447 From sle-security-updates at lists.suse.com Fri Oct 30 11:17:28 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 30 Oct 2020 18:17:28 +0100 (CET) Subject: SUSE-SU-2020:14525-1: important: Security update for samba Message-ID: <20201030171728.7EB0FFFAB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14525-1 Rating: important References: #1173902 #1173994 Cross-References: CVE-2020-14318 CVE-2020-14323 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14525=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14525=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14525=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14525=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.31.1 libldb1-3.6.3-94.31.1 libsmbclient0-3.6.3-94.31.1 libtalloc2-3.6.3-94.31.1 libtdb1-3.6.3-94.31.1 libtevent0-3.6.3-94.31.1 libwbclient0-3.6.3-94.31.1 samba-3.6.3-94.31.1 samba-client-3.6.3-94.31.1 samba-krb-printing-3.6.3-94.31.1 samba-winbind-3.6.3-94.31.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.31.1 libtalloc2-32bit-3.6.3-94.31.1 libtdb1-32bit-3.6.3-94.31.1 libtevent0-32bit-3.6.3-94.31.1 libwbclient0-32bit-3.6.3-94.31.1 samba-32bit-3.6.3-94.31.1 samba-client-32bit-3.6.3-94.31.1 samba-winbind-32bit-3.6.3-94.31.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.31.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.31.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.31.1 libldb1-3.6.3-94.31.1 libsmbclient0-3.6.3-94.31.1 libtalloc2-3.6.3-94.31.1 libtdb1-3.6.3-94.31.1 libtevent0-3.6.3-94.31.1 libwbclient0-3.6.3-94.31.1 samba-3.6.3-94.31.1 samba-client-3.6.3-94.31.1 samba-krb-printing-3.6.3-94.31.1 samba-winbind-3.6.3-94.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.31.1 samba-debugsource-3.6.3-94.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.31.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.31.1 samba-debugsource-3.6.3-94.31.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.31.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994