SUSE-IU-2020:84-1: Security update of suse-sles-15-sp1-chost-byos-v20200922-gen2

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Sep 23 06:23:02 MDT 2020


SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20200922-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2020:84-1
Image Tags        : suse-sles-15-sp1-chost-byos-v20200922-gen2:20200922
Image Release     : 
Severity          : important
Type              : security
References        : 1010996 1051510 1058115 1065600 1065729 1065729 1071152 1071390
                        1071995 1071995 1083548 1085030 1085030 1093910 1100758 1106843
                        1111666 1111666 1112178 1112178 1113225 1113719 1113956 1113956
                        1114279 1120163 1121268 1130864 1133021 1136666 1142733 1144333
                        1144333 1146991 1148868 1149911 1150660 1151708 1151927 1152107
                        1152148 1152624 1153520 1153953 1154063 1154871 1155305 1155911
                        1158336 1158983 1159058 1160007 1161016 1162002 1162063 1163309
                        1163524 1165580 1165629 1166965 1166985 1167104 1168081 1168104
                        1168235 1168389 1168959 1168994 1169194 1169514 1169771 1169790
                        1169795 1170011 1170232 1170442 1170475 1170476 1170592 1170617
                        1170618 1170745 1170964 1171124 1171284 1171424 1171529 1171530
                        1171558 1171558 1171656 1171688 1171732 1171739 1171743 1171753
                        1171759 1171835 1171841 1171868 1171878 1171904 1171988 1172073
                        1172085 1172108 1172195 1172247 1172247 1172257 1172344 1172418
                        1172428 1172458 1172484 1172537 1172538 1172597 1172687 1172719
                        1172745 1172759 1172775 1172781 1172782 1172783 1172807 1172810
                        1172824 1172871 1172871 1172872 1172872 1172873 1172963 1172999
                        1173060 1173060 1173074 1173146 1173227 1173229 1173238 1173240
                        1173265 1173280 1173284 1173338 1173357 1173411 1173422 1173428
                        1173485 1173514 1173539 1173567 1173573 1173659 1173746 1173798
                        1173818 1173820 1173825 1173826 1173833 1173838 1173839 1173845
                        1173857 1173866 1173954 1174003 1174026 1174070 1174091 1174113
                        1174115 1174120 1174122 1174123 1174154 1174186 1174187 1174205
                        1174260 1174296 1174320 1174343 1174356 1174387 1174409 1174421
                        1174438 1174443 1174444 1174462 1174484 1174543 1174547 1174549
                        1174550 1174551 1174618 1174625 1174658 1174673 1174685 1174689
                        1174699 1174734 1174736 1174757 1174771 1174782 1174840 1174841
                        1174843 1174844 1174845 1174847 1174852 1174873 1174887 1174904
                        1174926 1174968 1175036 1175060 1175062 1175063 1175064 1175065
                        1175066 1175067 1175109 1175112 1175127 1175128 1175149 1175198
                        1175199 1175213 1175228 1175232 1175250 1175251 1175284 1175393
                        1175394 1175396 1175397 1175398 1175399 1175400 1175401 1175402
                        1175403 1175404 1175405 1175406 1175407 1175408 1175409 1175410
                        1175411 1175412 1175413 1175414 1175415 1175416 1175417 1175418
                        1175419 1175420 1175421 1175422 1175423 1175440 1175493 1175515
                        1175518 1175526 1175550 1175626 1175654 1175656 1175666 1175667
                        1175668 1175669 1175670 1175691 1175767 1175768 1175769 1175770
                        1175771 1175772 1175786 1175811 1175830 1175831 1175873 1176069
                        1176179 927831 941629 973042 CVE-2018-18751 CVE-2019-16746 CVE-2019-20810
                        CVE-2019-20907 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10713
                        CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773
                        CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14314
                        CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-15393
                        CVE-2020-15705 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-1749
                        CVE-2020-24394 CVE-2020-24977 CVE-2020-8231 
-----------------------------------------------------------------

The container suse-sles-15-sp1-chost-byos-v20200922-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1370-1
Released:    Thu May 21 19:06:00 2020
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1171656
This update for systemd-presets-branding-SLE fixes the following issues:

Cleanup of outdated autostart services (bsc#1171656):
- Remove acpid.service. acpid is only available on SLE via openSUSE
  backports.  In openSUSE acpid.service is *not* autostarted. I see no
  reason why it should be on SLE.
- Remove spamassassin.timer. This timer never seems to have existed.
  Instead spamassassin ships a 'sa-update.timer'. But it is not
  default-enabled and nobody ever complained about this.
- Remove snapd.apparmor.service: This service was proactively added a year
  ago, but snapd didn't even make it into openSUSE yet. There's no reason
  to keep this entry unless snapd actually enters SLE which is not
  foreseeable.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2099-1
Released:    Fri Jul 31 08:06:40 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1173227,1173229,1173422
This update for systemd fixes the following issues:

- migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229)

  The marker is used to make sure the script is run only once. Instead
  of storing it in /usr, use /var which is more appropriate for such
  file.
  Also make it owned by systemd package.

- Fix inconsistent file modes for some ghost files (bsc#1173227)

  Ghost files are assumed by rpm to have mode 000 by default which is
  not consistent with file permissions set at runtime.
  Also /var/lib/systemd/random-seed was tracked wrongly as a
  directory.

  Also don't track (ghost) /etc/systemd/system/runlevel*.target
  aliases since we're not supposed to track units or aliases user
  might define/override.

- Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2107-1
Released:    Mon Aug  3 16:45:00 2020
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543,CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-202
 0-14416,CVE-2020-15393,CVE-2020-15780
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:


- CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573)
- CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
- CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732).
- CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).
- CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999).
- CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).
- CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783).
- CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781).
- CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782).
- CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).
- CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).
- CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074).
- CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567).
- CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458).
- CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107).

The following non-security bugs were fixed:

- ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666).
- ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666).
- ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753).
- ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510).
- ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666).
- ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666).
- ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666).
- ALSA: es1688: Add the missed snd_card_free() (bsc#1051510).
- ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666).
- ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666).
- ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666).
- ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666).
- ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666).
- ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666).
- ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666).
- ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666).
- ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666).
- ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666).
- ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666).
- ALSA: opl3: fix infoleak in opl3 (bsc#1111666).
- ALSA: pcm: disallow linking stream to itself (bsc#1111666).
- ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666).
- ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666).
- ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666).
- ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666).
- ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666).
- ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666).
- ALSA: usb-audio: Fix packet size calculation (bsc#1111666).
- ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666).
- ALSA: usb-audio: Improve frames size computation (bsc#1111666).
- ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666).
- ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666).
- amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).
- arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423).
- ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666).
- ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666).
- ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666).
- ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666).
- ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27).
- b43: Fix connection problem with WPA3 (bsc#1111666).
- b43_legacy: Fix connection problem with WPA3 (bsc#1111666).
- bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)).
- be2net: fix link failure after ethtool offline test (git-fixes).
- block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818).
- block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)).
- block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)).
- Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666).
- bnxt_en: Fix AER reset logic on 57500 chips (git-fixes).
- bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes).
- bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes).
- bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes).
- bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes).
- bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12).
- bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12).
- bnxt_en: Improve AER slot reset (networking-stable-20_05_12).
- brcmfmac: fix wrong location to get firmware feature (bsc#1111666).
- brcmfmac: Transform compatible string for FW loading (bsc#1169771).
- btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438).
- btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438).
- btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: do not zero f_bavail if we have available space (bsc#1168081).
- btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438).
- btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438).
- btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438).
- btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438).
- btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438).
- btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438).
- btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247).
- btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438).
- btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438).
- btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438).
- btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124).
- bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666).
- carl9170: remove P2P_GO support (bsc#1111666).
- CDC-ACM: heed quirk also in error handling (git-fixes).
- ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104).
- ceph: request expedited service on session's last cap flush (bsc#1167104).
- cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857).
- char/random: Add a newline at the end of the file (jsc#SLE-12423).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016).
- clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510).
- clk: clk-flexgen: fix clock-critical handling (bsc#1051510).
- clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510).
- clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)).
- compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)).
- copy_{to,from}_user(): consolidate object size checks (git fixes).
- crypto: algboss - do not wait during notifier callback (bsc#1111666).
- crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666).
- crypto: caam - update xts sector size for large input length (bsc#1111666).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666).
- crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes).
- Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666).
- crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666).
- crypto: talitos - fix IPsec cipher in length (git-fixes).
- crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes).
- debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746).
- devinet: fix memleak in inetdev_init() (networking-stable-20_06_07).
- dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666).
- dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)).
- dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)).
- dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)).
- dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)).
- dm: various cleanups to md->queue initialization code (git fixes).
- dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)).
- dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)).
- dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).
- driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753).
- Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618).
- drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510).
- drm: amd/display: fix Kconfig help text (bsc#1113956) 	* only fix DEBUG_KERNEL_DC
- drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666).
- drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956)  * context changes
- drm: encoder_slave: fix refcouting error for modules (bsc#1111666).
- drm: encoder_slave: fix refcouting error for modules (bsc#1114279)
- drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178)
- drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666).
- drm/mediatek: Check plane visibility in atomic_update (bsc#1113956)  * context changes
- drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666).
- drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666).
- drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666).
- drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956)
- drm/radeon: fix double free (bsc#1113956)
- drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956)
- drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666).
- drm/tegra: hub: Do not enable orphaned window group (bsc#1111666).
- drm/vkms: Hold gem object while still in-use (bsc#1113956)  * context changes
- e1000: Distribute switch variables for initialization (bsc#1111666).
- e1000e: Disable TSO for buffer overrun workaround (bsc#1051510).
- e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510).
- e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279).
- efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423).
- efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423).
- efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423).
- efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423).
- evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510).
- evm: Fix a small race in init_desc() (bsc#1051510).
- ext4: fix a data race at inode->i_blocks (bsc#1171835).
- ext4: fix partial cluster initialization when splitting extent (bsc#1173839).
- ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).
- ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833).
- extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510).
- fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719).
- fdt: add support for rng-seed (jsc#SLE-12423).
- fdt: Update CRC check for rng-seed (jsc#SLE-12423).
- firmware: imx: scu: Fix corruption of header (git-fixes).
- firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666).
- Fix boot crash with MD (bsc#1174343)
- fix multiplication overflow in copy_fdtable() (bsc#1173825).
- fpga: dfl: afu: Corrected error handling levels (git-fixes).
- fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12).
- gpiolib: Document that GPIO line names are not globally unique (bsc#1051510).
- gpu: host1x: Detach driver on unregister (bsc#1111666).
- gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666).
- HID: magicmouse: do not set up autorepeat (git-fixes).
- HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510).
- hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).
- hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666).
- hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666).
- hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666).
- i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666).
- i2c: eg20t: Load module automatically if ID matches (bsc#1111666).
- i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666).
- i40e: reduce stack usage in i40e_set_fc (git-fixes).
- IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409).
- IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409).
- ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397).
- ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369).
- ibmvnic: Flush existing work items before device removal (bsc#1065729).
- ibmvnic: Harden device login requests (bsc#1170011 ltc#183538).
- iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510).
- iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666).
- iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666).
- iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666).
- iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666).
- iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510).
- iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666).
- iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666).
- ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510).
- ima: Fix ima digest hash table key calculation (bsc#1051510).
- include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868).
- Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666).
- input: i8042 - Remove special PowerPC handling (git-fixes).
- Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666).
- intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115).
- intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666).
- ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes).
- ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes).
- jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845).
- jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
- kabi: hv: prevent struct device_node to become defined (bsc#1172871).
- kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423).
- kABI: protect struct mlx5_cmd_work_ent (kabi).
- kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi).
- kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666).
- KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279).
- KVM: x86: Fix APIC page invalidation race (bsc#1174122).
- kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07).
- l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07).
- libceph: do not omit recovery_deletes in target_copy() (bsc#1174113).
- libceph: ignore pool overlay and cache logic on redirects (bsc#1173146).
- libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753).
- libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753).
- libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753).
- libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753).
- libnvdimm: cover up nd_pfn_sb changes (bsc#1171759).
- libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759).
- libnvdimm/label: Remove the dpa align check (bsc#1171759).
- libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739).
- libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743).
- libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759).
- libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743).
- libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743).
- libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6).
- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743).
- libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
- lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530).
- lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060).
- mac80211: add option for setting control flags (bsc#1111666).
- mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666).
- mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes).
- md: Avoid namespace collision with bitmap API (git fixes (block drivers)).
- mdraid: fix read/write bytes accounting (bsc#1172537).
- md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)).
- media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes).
- media: si2157: Better check for running tuner in init (bsc#1111666).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes).
- mlxsw: pci: Return error on PCI reset timeout (git-fixes).
- mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12).
- mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes).
- mlxsw: spectrum_dpipe: Add missing error path (git-fixes).
- mlxsw: spectrum: Prevent force of 56G (git-fixes).
- mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes).
- mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes).
- mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes).
- mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes).
- mmc: block: Fix request completion in the CQE timeout path (bsc#1111666).
- mmc: block: Fix use-after-free issue for rpmb (bsc#1111666).
- mmc: fix compilation of user API (bsc#1051510).
- mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666).
- mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666).
- Move upstreamed lpfc patches into sorted section
- mvpp2: remove misleading comment (git-fixes).
- net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07).
- net: check untrusted gso_size at kernel entry (networking-stable-20_06_07).
- net/cxgb4: Check the return from t4_query_params properly (git-fixes).
- net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
- net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27).
- net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes).
- net: ena: add missing ethtool TX timestamping indication (git-fixes).
- net: ena: avoid memory access violation by validating req_id properly (git-fixes).
- net: ena: do not wake up tx queue when down (git-fixes).
- net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes).
- net: ena: ethtool: use correct value for crc32 hash (git-fixes).
- net: ena: fix continuous keep-alive resets (git-fixes).
- net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes).
- net: ena: fix default tx interrupt moderation interval (git-fixes).
- net: ena: fix incorrect default RSS key (git-fixes).
- net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes).
- net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes).
- net: ena: fix potential crash when rxfh key is NULL (git-fixes).
- net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes).
- net: ena: fix uses of round_jiffies() (git-fixes).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes).
- net: ena: reimplement set/get_coalesce() (git-fixes).
- net: ena: rss: do not allocate key when not supported (git-fixes).
- net: ena: rss: fix failure to get indirection table (git-fixes).
- net: ena: rss: store hash function as values and not bits (git-fixes).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16).
- net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27).
- net: ipip: fix wrong address family in init error path (networking-stable-20_05_27).
- net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes).
- net: macsec: preserve ingress frame ordering (networking-stable-20_05_12).
- net/mlx4_core: drop useless LIST_HEAD (git-fixes).
- net/mlx4_core: fix a memory leak bug (git-fixes).
- net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12).
- net/mlx5: Add command entry handling completion (networking-stable-20_05_27).
- net/mlx5: Avoid panic when setting vport rate (git-fixes).
- net/mlx5: Continue driver initialization despite debugfs failure (git-fixes).
- net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes).
- net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes).
- net/mlx5e: Remove unnecessary clear_bit()s (git-fixes).
- net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27).
- net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12).
- net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07).
- net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12).
- net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes).
- net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes).
- net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16).
- netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16).
- net: qede: stop adding events on an already destroyed workqueue (git-fixes).
- net: qed: fix excessive QM ILT lines consumption (git-fixes).
- net: qed: fix NVMe login fails over VFs (git-fixes).
- net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27).
- net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27).
- net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27).
- net: stricter validation of untrusted gso packets (networking-stable-20_05_12).
- net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12).
- net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12).
- net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
- net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07).
- net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes).
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592).
- NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592).
- nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857).
- nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666).
- nvdimm: Avoid race between probe and reading device attributes (bsc#1170442).
- nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058).
- nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058).
- nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538).
- nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538).
- nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- ocfs2: no need try to truncate file beyond i_size (bsc#1171841).
- overflow: Fix -Wtype-limits compilation warnings (git fixes).
- overflow.h: Add arithmetic shift helper (git fixes).
- p54usb: add AirVasT USB stick device-id (bsc#1051510).
- padata: ensure the reorder timer callback runs on the correct CPU (git-fixes).
- padata: reorder work kABI fixup (git-fixes).
- PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356).
- PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356).
- PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510).
- PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510).
- PCI: Generalize multi-function power dependency device links (bsc#1111666).
- PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872).
- PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872).
- PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872).
- PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872).
- PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872).
- PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872).
- PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872).
- PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes).
- PCI: pciehp: Support interrupts sent from D3hot (git-fixes).
- PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes).
- PCI: Program MPS for RCiEP devices (bsc#1051510).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510).
- pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356).
- pcm_native: result of put_user() needs to be checked (bsc#1111666).
- perf: Allocate context task_ctx_data for child event (git-fixes).
- perf/cgroup: Fix perf cgroup hierarchy support (git-fixes).
- perf: Copy parent's address filter offsets on clone (git-fixes).
- perf/core: Add sanity check to deal with pinned event failure (git-fixes).
- perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes).
- perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes).
- perf/core: Fix ctx_event_type in ctx_resched() (git-fixes).
- perf/core: Fix error handling in perf_event_alloc() (git-fixes).
- perf/core: Fix exclusive events' grouping (git-fixes).
- perf/core: Fix group scheduling with mixed hw and sw events (git-fixes).
- perf/core: Fix impossible ring-buffer sizes warning (git-fixes).
- perf/core: Fix locking for children siblings group read (git-fixes).
- perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)).
- perf/core: Fix perf_event_read_value() locking (git-fixes).
- perf/core: Fix perf_pmu_unregister() locking (git-fixes).
- perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)).
- perf/core: Fix perf_sample_regs_user() mm check (git-fixes).
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes).
- perf/core: Fix race between close() and fork() (git-fixes).
- perf/core: Fix the address filtering fix (git-fixes).
- perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes).
- perf/core: Force USER_DS when recording user stack data (git-fixes).
- perf/core: Restore mmap record type correctly (git-fixes).
- perf: Fix header.size for namespace events (git-fixes).
- perf/ioctl: Add check for the sample_period value (git-fixes).
- perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes).
- perf: Return proper values for user stack errors (git-fixes).
- perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes).
- perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes).
- perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes).
- perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes).
- perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes).
- perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable).
- perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes).
- perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable).
- perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes).
- perf/x86: Fix incorrect PEBS_REGS (git-fixes).
- perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes).
- perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes).
- perf/x86/intel/bts: Fix the use of page_private() (git-fixes).
- perf/x86/intel: Fix PT PMI handling (git-fixes).
- perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes).
- perf/x86/intel/uncore: Add Node ID mask (git-fixes).
- perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes).
- perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes).
- perf/x86/uncore: Fix event group support (git-fixes).
- pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510).
- platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666).
- platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666).
- PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes).
- pnp: Use list_for_each_entry() instead of open coding (git fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759).
- powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729).
- powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510).
- power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510).
- power: vexpress: add suppress_bind_attrs to true (bsc#1111666).
- pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16).
- qed: reduce maximum stack frame size (git-fixes).
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
- r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27).
- raid5: remove gfp flags from scribble_alloc() (bsc#1166985).
- RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666)
- RDMA/efa: Set maximum pkeys device attribute (bsc#1111666)
- RDMA/efa: Support remote read access in MR registration (bsc#1111666)
- RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666)
- README.BRANCH: Add Takashi Iwai as primary maintainer.
- regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666).
- resolve KABI warning for perf-pt-coresight (git-fixes).
- Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)).
- Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666).
- Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)).
- Revert 'thermal: mediatek: fix register index error' (bsc#1111666).
- Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove'
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194).
- s390: fix syscall_get_error for compat processes (git-fixes).
- s390/qdio: consistently restore the IRQ handler (git-fixes).
- s390/qdio: lock device while installing IRQ handler (git-fixes).
- s390/qdio: put thinint indicator after early error (git-fixes).
- s390/qdio: tear down thinint indicator after early error (git-fixes).
- s390/qeth: fix error handling for isolation mode cmds (git-fixes).
- sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12).
- sch_sfq: validate silly quantum values (networking-stable-20_05_12).
- scsi: aacraid: fix a signedness bug (bsc#1174296).
- scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296).
- scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814).
- scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).
- scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530).
- scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530).
- scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530).
- scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix inconsistent indenting (bsc#1158983).
- scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983).
- scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983).
- scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530).
- scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530).
- scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983).
- scsi: megaraid_sas: Fix a compilation warning (bsc#1174296).
- scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296).
- scsi: qedf: Add port_id getter (bsc#1150660).
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296).
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).
- sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27).
- sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27).
- spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510).
- spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666).
- spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666).
- spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666).
- spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666).
- spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666).
- staging: comedi: verify array index is correct before using it (bsc#1111666).
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510).
- staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510).
- SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624).
- tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284).
- timers: Add a function to start/reduce a timer (networking-stable-20_05_27).
- tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666).
- tpm_tis: Remove the HID IFX0102 (bsc#1111666).
- tracing: Fix event trigger to accept redundant spaces (git-fixes).
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510).
- tty: n_gsm: Fix SOF skipping (bsc#1051510).
- tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510).
- tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12).
- ubifs: remove broken lazytime support (bsc#1173826).
- usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).
- USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666).
- usb: chipidea: core: add wakeup support for extcon (bsc#1111666).
- usb: dwc2: Fix shutdown callback in platform (bsc#1111666).
- usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510).
- usb: dwc3: gadget: introduce cancelled_list (git-fixes).
- usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes).
- usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes).
- usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes).
- USB: ehci: reopen solution for Synopsys HC bug (git-fixes).
- usb: gadget: fix potential double-free in m66592_probe (bsc#1111666).
- usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510).
- usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666).
- usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666).
- usb: gadget: udc: Potential Oops in error handling code (bsc#1111666).
- USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510).
- usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666).
- USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510).
- usb: musb: Fix runtime PM imbalance on error (bsc#1051510).
- usb: musb: start session in resume for host port (bsc#1051510).
- usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666).
- USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666).
- USB: serial: ch341: add new Product ID for CH340 (bsc#1111666).
- USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666).
- USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666).
- USB: serial: option: add GosunCn GM500 series (bsc#1111666).
- USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666).
- USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510).
- USB: serial: qcserial: add DW5816e QDL support (bsc#1051510).
- USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510).
- USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes).
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123).
- vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6).
- virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)).
- vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484).
- vmxnet3: add support to get/set rx flow hash (bsc#1172484).
- vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484).
- vmxnet3: avoid format strint overflow warning (bsc#1172484).
- vmxnet3: prepare for version 4 changes (bsc#1172484).
- vmxnet3: Remove always false conditional statement (bsc#1172484).
- vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484).
- vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484).
- vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484).
- vmxnet3: update to version 4 (bsc#1172484).
- vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484).
- vsock: fix timeout in vsock_accept() (networking-stable-20_06_07).
- vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes).
- w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510).
- watchdog: sp805: fix restart handler (bsc#1111666).
- wil6210: add general initialization/size checks (bsc#1111666).
- wil6210: check rx_buff_mgmt before accessing it (bsc#1111666).
- wil6210: ignore HALP ICR if already handled (bsc#1111666).
- wil6210: make sure Rx ring sizes are correlated (git-fixes).
- work around mvfs bug (bsc#1162063).
- x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309).
- x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279).
- x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes).
- x86: Fix early boot crash on gcc-10, third try (bsc#1114279).
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257).
- x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279).
- xfrm: fix error in comment (git fixes).
- xhci: Fix incorrect EP_STATE_MASK (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2124-1
Released:    Wed Aug  5 09:24:47 2020
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1172597
This update for lvm2 fixes the following issues:

- Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2127-1
Released:    Wed Aug  5 10:28:23 2020
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    important
References:  1173866
This update for python-azure-agent fixes the following issues:

- Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866)
- Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2165-1
Released:    Fri Aug  7 11:04:59 2020
Summary:     Recommended update for Linux Kernel
Type:        recommended
Severity:    important
References:  1174887

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes:

Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2182-1
Released:    Mon Aug 10 11:39:48 2020
Summary:     Recommended update for open-lldp
Type:        recommended
Severity:    moderate
References:  1153520,1170745,1171284
This update for open-lldp fixes the following issues:

- Fix for a segementation fault, when agents change their MAC address (bsc#1171284)
- lldapd will now transmit the permanent MAC address (the MAC address of the
  underlying physical device) as port id, thus allowing the switch or any
  management application to differentiate between those ports. (bsc#1153520)
- Fix for a segmentation fault, when lldapd registers an interface and it
  gets shortly removed afterwards. (bsc#1170745)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2208-1
Released:    Tue Aug 11 17:25:45 2020
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    important
References:  1173338
This update for rsyslog fixes the following issues:

- Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2219-1
Released:    Wed Aug 12 15:47:42 2020
Summary:     Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata
Type:        recommended
Severity:    moderate
References:  1170475,1170476,1173238,1173240,1173357,1174618,1174847
This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues:

supportutils-plugin-suse-public-cloud:

- Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt
  are installed at the same time (bsc#1174618)
- Sensitive information like credentials (such as access keys) will be removed when the
  metadata is being collected (bsc#1170475, bsc#1170476)

python3-azuremetadata:

- Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240)
- Detects when the VM is running in ASM (Azure Classic) and does now handle the condition
  to generate the data without requiring access to the full IMDS available, only in ARM
  instances (bsc#1173357, bsc#1174847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2222-1
Released:    Thu Aug 13 09:08:46 2020
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    moderate
References:  1130864,1155911,1160007
This update for SUSEConnect fixes the following issues:

Update from version 0.3.22 to version 0.3.25
  
- Don't fail de-activation when '-release' package already got removed.
- Fix cloud_provider detection on AWS large instances. (bsc#1160007)
- Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911)
- Setup customer_center on read-only boot system. (bsc#1130864)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2224-1
Released:    Thu Aug 13 09:15:47 2020
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1171878,1172085
This update for glibc fixes the following issues:

- Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178)
- Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2245-1
Released:    Fri Aug 14 15:27:45 2020
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1174782,1175036,1175060
This update for grub2 fixes the following issues:

- A potential regression has been fixed that would cause systems with an
  updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker
  symbol. (bsc#1174782)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2256-1
Released:    Mon Aug 17 15:08:46 2020
Summary:     Recommended update for sysfsutils
Type:        recommended
Severity:    moderate
References:  1155305
This update for sysfsutils fixes the following issue:

- Fix cdev name comparison. (bsc#1155305)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2277-1
Released:    Wed Aug 19 13:24:03 2020
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1174091,CVE-2019-20907
This update for python3 fixes the following issues:

- bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2278-1
Released:    Wed Aug 19 21:26:08 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1149911,1151708,1168235,1168389
This update for util-linux fixes the following issues:

- blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for -c to prevent error from su -c. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2284-1
Released:    Thu Aug 20 16:04:17 2020
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1010996,1071152,1071390,1154871,1174673,973042
This update for ca-certificates-mozilla fixes the following issues:

update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)

Removed CAs:

  * AddTrust External CA Root
  * AddTrust Class 1 CA Root
  * LuxTrust Global Root 2
  * Staat der Nederlanden Root CA - G2
  * Symantec Class 1 Public Primary Certification Authority - G4
  * Symantec Class 2 Public Primary Certification Authority - G4
  * VeriSign Class 3 Public Primary Certification Authority - G3

Added CAs:

  * certSIGN Root CA G2
  * e-Szigno Root CA 2017
  * Microsoft ECC Root Certificate Authority 2017
  * Microsoft RSA Root Certificate Authority 2017

- reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2296-1
Released:    Mon Aug 24 10:34:37 2020
Summary:     Security update for gettext-runtime
Type:        security
Severity:    moderate
References:  1106843,1113719,941629,CVE-2018-18751
This update for gettext-runtime fixes the following issues:

- Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) 
- Added msgfmt-double-free.patch to fix a double free error
  (CVE-2018-18751 bsc#1113719)
- Add patch msgfmt-reset-msg-length-after-remove.patch
  which does reset the length of message string after a line
  has been removed (bsc#1106843)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2307-1
Released:    Tue Aug 25 14:48:39 2020
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1172745,1174421,CVE-2020-15705
This update for grub2 fixes the following issues:

- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).
- Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2337-1
Released:    Wed Aug 26 13:00:47 2020
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1172807
This update for dracut fixes the following issue:

- Fix typo in did setup conditional. (bsc#1172807)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2350-1
Released:    Wed Aug 26 17:17:02 2020
Summary:     Recommended update for hyper-v
Type:        recommended
Severity:    moderate
References:  1093910,1100758,1174443,1174444
This update for hyper-v fixes the following issues:

- Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444)
- Reopen the devices if read() or write() returns errors
- Use either python2 or python3 for lsvmbus. (bsc#1093910)
- Remove sysv init scripts
- Enable build on aarch64
- Use gethostname for async name resolution. (bsc#1100758)
- Asynchronous name resolution in kvp_daemon. (bsc#1100758)
- kvp: eliminate 'may be used uninitialized' warning
- Fixed Python pep8/flake8 warnings for lsvmbus
- Replace GPLv2 boilerplate/reference with SPDX
- Fix a warning of buffer overflow with gcc 8.0.1
- fcopy: set 'error' in case an unknown operation was requested
- vss: fix loop device detection.
- Fix IP reporting by KVP daemon with SRIOV
- Fix a bug in the key delete code
- Fix compiler warnings about major/target_fname

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2352-1
Released:    Thu Aug 27 07:29:16 2020
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1172810,1174120
This update for samba fixes the following issues:

- Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810)
- Fix for command 'net' as it is unable to negotiate with 'SMB2'. (bsc#1174120)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2378-1
Released:    Fri Aug 28 14:52:31 2020
Summary:     Recommended update for python-azure-agent
Type:        recommended
Severity:    moderate
References:  1175198
This update for python-azure-agent contains the following fix:

- Drop paa_sudo_sle15_nopwd.patch (bsc#1175198)
  + sudoers file is managed by cloud-init we no longer need this hack

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2380-1
Released:    Fri Aug 28 14:54:08 2020
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1175250,1175251
This update for supportutils-plugin-suse-public-cloud contains the following fix:

- Update to version 1.0.5: (bsc#1175250, bsc#1175251)
  + Query for new GCE initialization code packages

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2384-1
Released:    Sat Aug 29 00:57:13 2020
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    low
References:  1170964
This update for e2fsprogs fixes the following issues:

- Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2411-1
Released:    Tue Sep  1 13:28:47 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1142733,1146991,1158336,1172195,1172824,1173539
This update for systemd fixes the following issues:

- Improve logging when PID1 fails at setting a namespace up when spawning a command specified by
  'Exec*='. (bsc#1172824, bsc#1142733)
  
  pid1: improve message when setting up namespace fails.
  
  execute: let's close glibc syslog channels too.
  
  execute: normalize logging in *execute.c*.
  
  execute: fix typo in error message.
  
  execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary.
  
  execute: make use of the new logging mode in *execute.c*
  
  log: add a mode where we open the log fds for every single log message.
  
  log: let's make use of the fact that our functions return the negative error code for *log_oom()* too.
  
  execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result.
  
  execute: rework logging in *setup_keyring()* to include unit info.
  
  execute: improve and augment execution log messages.
  
- vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539)
- fix infinite timeout. (bsc#1158336)
- bpf: mount bpffs by default on boot. (bsc#1146991)
- man: explain precedence for options which take a list.
- man: unify titling, fix description of precedence in sysusers.d(5)
- udev-event: fix timeout log messages.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2420-1
Released:    Tue Sep  1 13:48:35 2020
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1174551,1174736
This update for zlib provides the following fixes:

- Permit a deflateParams() parameter change as soon as possible. (bsc#1174736)
- Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2425-1
Released:    Tue Sep  1 13:54:05 2020
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1174260
This update for nfs-utils fixes the following issues:

- Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2441-1
Released:    Tue Sep  1 22:16:10 2020
Summary:     Recommended update for avahi
Type:        recommended
Severity:    moderate
References:  1154063
This update for avahi fixes the following issues:

- When changing ownership of /var/lib/autoipd, only change
  ownership of files owned by avahi, to mitigate against
  possible exploits (bsc#1154063).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2446-1
Released:    Wed Sep  2 09:33:22 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1175109,CVE-2020-8231
This update for curl fixes the following issues:

- An application that performs multiple requests with libcurl's
  multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
  rare circumstances experience that when subsequently using the
  setup connect-only transfer, libcurl will pick and use the wrong
  connection and instead pick another one the application has
  created since then. [bsc#1175109, CVE-2020-8231]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2458-1
Released:    Wed Sep  2 15:44:30 2020
Summary:     Recommended update for iputils
Type:        recommended
Severity:    moderate
References:  927831
This update for iputils fixes the following issue:

- ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2575-1
Released:    Wed Sep  9 07:15:49 2020
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1
 175770,1175771,1175772,1175786,1175873,1176069,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
- CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
- CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
- CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
- CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
- CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
    
The following non-security bugs were fixed:

- ACPI: kABI fixes for subsys exports (bsc#1174968).
- ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968).
- ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968).
- ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968).
- ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968).
- af_key: pfkey_dump needs parameter validation (git-fixes).
- agp/intel: Fix a memory leak on module initialisation failure (git-fixes).
- ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666).
- ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666).
- ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666).
- ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666).
- ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666).
- ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666).
- ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666).
- ALSA: hda: fix NULL pointer dereference during suspend (git-fixes).
- ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666).
- ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666).
- ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666).
- ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).
- ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666).
- ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666).
- ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666).
- ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).
- ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666).
- ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666).
- ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666).
- ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666).
- ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666).
- ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666).
- ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666).
- ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666).
- ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666).
- ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666).
- ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666).
- ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666).
- ALSA: hda/realtek - Fix unused variable warning (bsc#1111666).
- ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666).
- ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666).
- ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes).
- ALSA: pci: delete repeated words in comments (bsc#1111666).
- ALSA: seq: oss: Serialize ioctls (bsc#1111666).
- ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).
- ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666).
- ALSA: usb-audio: add startech usb audio dock name (bsc#1111666).
- ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666).
- ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666).
- ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666).
- ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666).
- ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625).
- ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666).
- ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).
- ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666).
- ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666).
- arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547).
- arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547).
- arm64: add sysfs vulnerability show for meltdown (bsc#1174547).
- arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547).
- arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547).
- arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). 
- arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). 
- arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). 
- arm64: Always enable ssb vulnerability detection (bsc#1174547). 
- arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397).
- arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547).
- arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547).
- arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). 
- arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398).
- arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393).
- arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default
- arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394).
- arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547).
- arm64: errata: Update stale comment (bsc#1174547).
- arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547).
- arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547).
- arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547).
- arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547).
- arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547).
- arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021).
- arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547).
- arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). 
- arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). 
- arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547).
- arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396).
- arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). 
- arm64: ssbd: explicitly depend on <linux/prctl.h> (bsc#1175399).
- arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547).
- arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669).
- arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400).
- arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h> (bsc#1175401).
- arm64: tlbflush: avoid writing RES0 bits (bsc#1175402).
- arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547).
- ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). 
- ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021).
- ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021).
- ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666).
- ASoC: intel: Fix memleak in sst_media_open (git-fixes).
- ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes).
- AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes).
- AX.25: Prevent integer overflows in connect and sendmsg (git-fixes).
- AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes).
- ax88172a: fix ax88172a_unbind() failures (git-fixes).
- b43: Remove uninitialized_var() usage (git-fixes).
- bcache: allocate meta data pages as compound pages (bsc#1172873).
- block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).
- block: Fix use-after-free in blkdev_get() (bsc#1174843).
- block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).
- Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666).
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666).
- Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666).
- bonding: fix active-backup failover for current ARP slave (bsc#1174771).
- bonding: fix a potential double-unregister (git-fixes).
- bonding: show saner speed for broadcast mode (git-fixes).
- bpf: Fix map leak in HASH_OF_MAPS map (git-fixes).
- brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666).
- brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666).
- brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666).
- btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247).
- btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247).
- btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149).
- btrfs: fix block group leak when removing fails (bsc#1175149).
- btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149).
- btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149).
- btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149).
- btrfs: fix double free on ulist after backref resolution failure (bsc#1175149).
- btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149).
- btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550).
- btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149).
- btrfs: fix race between block group removal and block group creation (bsc#1175149).
- btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149).
- btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149).
- btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149).
- btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484).
- btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247).
- btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247).
- btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247).
- btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149).
- btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163).
- btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247).
- btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163).
- btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163).
- btrfs: Rename and export clear_btree_io_tree (bsc#1175149).
- btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).
- bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658).
- bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658).
- bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658).
- cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).
- cfg80211: check vendor command doit pointer before use (git-fixes).
- char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
- cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428).
- cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428).
- cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428).
- clk: at91: clk-generated: check best_rate against ranges (bsc#1111666).
- clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666).
- clk: iproc: round clock rate to the closest (bsc#1111666).
- clk: spear: Remove uninitialized_var() usage (git-fixes).
- clk: st: Remove uninitialized_var() usage (git-fixes).
- config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549
- console: newport_con: fix an issue about leak related system resources (git-fixes).
- constrants: fix malformed XML Closing tag of an element is '</foo>', not '<foo/>'. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs')
- Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- crypto: ccp - Fix use of merged scatterlists (git-fixes).
- crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes).
- crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes).
- crypto: rockchip - fix scatterlist nents error (git-fixes).
- crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes).
- crypto: talitos - check AES key size (git-fixes).
- crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- dev: Defer free of skbs in flush_backlog (git-fixes).
- device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).
- devres: keep both device name and resource name in pretty name (git-fixes).
- dlm: Fix kobject memleak (bsc#1175768).
- dlm: remove BUG() before panic() (bsc#1174844).
- dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes).
- Documentation/networking: Add net DIM documentation (bsc#1174852).
- dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403).
- dpaa2-eth: free already allocated channels on probe defer (bsc#1175404).
- dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405).
- dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550).
- dpaa_eth: add newline in dev_err() msg (bsc#1174550).
- dpaa_eth: avoid timestamp read on error paths (bsc#1175406).
- dpaa_eth: change DMA device (bsc#1174550).
- dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550).
- dpaa_eth: defer probing after qbman (bsc#1174550).
- dpaa_eth: extend delays in ndo_stop (bsc#1174550).
- dpaa_eth: fix DMA mapping leak (bsc#1174550).
- dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550).
- dpaa_eth: FMan erratum A050385 workaround (bsc#1174550).
- dpaa_eth: perform DMA unmapping before read (bsc#1175407).
- dpaa_eth: register a device link for the qman portal used (bsc#1174550).
- dpaa_eth: remove netdev_err() for user errors (bsc#1174550).
- dpaa_eth: remove redundant code (bsc#1174550).
- dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550).
- dpaa_eth: use a page to store the SGT (bsc#1174550).
- dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550).
- dpaa_eth: use only one buffer pool per interface (bsc#1174550).
- dpaa_eth: use page backed rx buffers (bsc#1174550).
- driver core: Avoid binding drivers to dead devices (git-fixes).
- Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes).
- Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes).
- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128).
- Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes).
- drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408).
- drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410).
- drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409).
- drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666).
- drm/amd/display: fix pow() crashing when given base 0 (git-fixes).
- drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666).
- drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666).
- drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) 	* refresh for context changes
- drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes).
- drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956)
- drm/arm: fix unintentional integer overflow on left shift (git-fixes).
- drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) 	* refreshed for context changes
- drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes).
- drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) 	* move drm_mipi_dbi.c -> tinydrm/mipi-drm.c 	* refresh for context changes
- drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666).
- drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes).
- drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666).
- drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) 	* updated names of get/put functions
- drm: hold gem reference until object is no longer accessed (bsc#1113956)
- drm/imx: fix use after free (git-fixes).
- drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes).
- drm/imx: tve: fix regulator_disable error path (git-fixes).
- drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes).
- drm/msm/adreno: fix updating ring fence (git-fixes).
- drm/msm: ratelimit crtc event overflow error (bsc#1111666).
- drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes).
- drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes).
- drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666).
- drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes).
- drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes).
- drm/radeon: disable AGP by default (bsc#1111666).
- drm/radeon: fix array out-of-bounds read and write issues (git-fixes).
- drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666).
- drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411).
- drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666).
- drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232).
- drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666).
- drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666).
- drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
- efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685).
- ext4: check journal inode extents more carefully (bsc#1173485).
- ext4: do not allow overlapping system zones (bsc#1173485).
- ext4: fix checking of directory entry validity for inline directories (bsc#1175771).
- ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840).
- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).
- fat: do not allow to mount if the FAT length == 0 (bsc#1174845).
- fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) 	* move files drivers/video/fbdev/core -> drivers/video/console 	* refresh for context changes
- firmware: google: check if size is valid when decoding VPD data (git-fixes).
- firmware: google: increment VPD key_len properly (git-fixes).
- fpga: dfl: fix bug in port reset handshake (git-fixes).
- fsl/fman: add API to get the device behind a fman port (bsc#1174550).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: detect FMan erratum A050385 (bsc#1174550).
- fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: remove unused struct member (bsc#1174550).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix memleak in cuse_channel_open (bsc#1174926).
- fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904).
- fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062).
- fuse: fix weird page warning (bsc#1175063).
- fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064).
- fuse: truncate pending writes on O_TRUNC (bsc#1175065).
- fuse: verify attributes (bsc#1175066).
- fuse: verify nlink (bsc#1175067).
- genetlink: remove genl_bind (networking-stable-20_07_17).
- go7007: add sanity checking for endpoints (git-fixes).
- gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666).
- HID: hiddev: fix mess in hiddev_open() (git-fixes).
- HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658).
- HISI LPC: Stop using MFD APIs (bsc#1174658).
- hv_balloon: Balloon up according to request page number (git-fixes).
- hv_balloon: Use a static page for the balloon_up send buffer (git-fixes).
- hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes).
- hv_netvsc: do not use VF device if link is down (git-fixes).
- hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes).
- hv_netvsc: Fix error handling in netvsc_attach() (git-fixes).
- hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).
- hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes).
- hv_netvsc: flag software created hash value (git-fixes).
- hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes).
- i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
- i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666).
- i40e: Fix crash during removing i40e driver (git-fixes).
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
- ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506).
- ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459).
- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).
- include/linux/poison.h: remove obsolete comment (git fixes (poison)).
- Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes).
- Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666).
- integrity: remove redundant initialization of variable ret (git-fixes).
- io-mapping: indicate mapping failure (git-fixes).
- ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes).
- ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28).
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515).
- ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515).
- ip_tunnel: Emit events for post-register MTU changes (git-fixes).
- ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28).
- ip_tunnel: restore binding to ifaces with a large mtu (git-fixes).
- ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17).
- ipv4: Silence suspicious RCU usage warning (git-fixes).
- ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes).
- ipvlan: fix device features (git-fixes).
- ipvs: allow connection reuse for unconfirmed conntrack (git-fixes).
- ipvs: fix refcount usage for conns in ops mode (git-fixes).
- ipvs: fix the connection sync failed in some cases (bsc#1174699).
- irqchip/gic: Atomically update affinity (bsc#1111666).
- iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666).
- jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772).
- kabi: genetlink: remove genl_bind (kabi).
- kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629).
- kabi: mask changes to struct ipv6_stub (bsc#1165629).
- kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
- kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details.
- kernel/relay.c: fix memleak on destroy relay channel (git-fixes).
- kernfs: do not call fsnotify() with name without a parent (bsc#1175770).
- KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021).
- KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021).
- KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021).
- KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021).
- KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021).
- KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021).
- KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021).
- KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021).
- KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021).
- KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729).
- l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17).
- leds: 88pm860x: fix use-after-free on unbind (git-fixes).
- leds: core: Flush scheduled work for system suspend (git-fixes).
- leds: da903x: fix use-after-free on unbind (git-fixes).
- leds: lm3533: fix use-after-free on unbind (git-fixes).
- leds: lm355x: avoid enum conversion warning (git-fixes).
- leds: wm831x-status: fix use-after-free on unbind (git-fixes).
- lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852).
- lib: dimlib: fix help text typos (bsc#1174852).
- lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658).
- lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658).
- lib: logic_pio: Fix RCU usage (bsc#1174658).
- linux/dim: Add completions count to dim_sample (bsc#1174852).
- linux/dim: Fix overflow in dim calculation (bsc#1174852).
- linux/dim: Move implementation to .c files (bsc#1174852).
- linux/dim: Move logic to dim.h (bsc#1174852).
- linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852).
- linux/dim: Rename externally exposed macros (bsc#1174852).
- linux/dim: Rename externally used net_dim members (bsc#1174852).
- linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852).
- liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes).
- llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17).
- mac80211: mesh: Free ie data when leaving mesh (git-fixes).
- mac80211: mesh: Free pending skb when destroying a mpath (git-fixes).
- MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852).
- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes).
- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes).
- media: budget-core: Improve exception handling in budget_register() (git-fixes).
- media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes).
- media: firewire: Using uninitialized values in node_probe() (git-fixes).
- media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes).
- media: vpss: clean up resources in init (git-fixes).
- mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes).
- mfd: dln2: Run event handler loop under spinlock (git-fixes).
- mfd: rk808: Fix RK818 ID template (bsc#1175412).
- mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28).
- mm: filemap: clear idle flag for writes (bsc#1175769).
- mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)).
- mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)).
- mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)).
- mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)).
- mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
- mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617).
- mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413).
- mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414).
- mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415).
- mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416).
- mwifiex: Prevent memory corruption handling keys (git-fixes).
- net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes).
- net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28).
- net: core: reduce recursion limit value (networking-stable-20_06_28).
- net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28).
- net: dsa: b53: check for timeout (git-fixes).
- net: dsa: bcm_sf2: Fix node reference count (git-fixes).
- net: ena: Add first_interrupt field to napi struct (bsc#1174852).
- net: ena: add reserved PCI device ID (bsc#1174852).
- net: ena: add support for reporting of packet drops (bsc#1174852).
- net: ena: add support for the rx offset feature (bsc#1174852).
- net: ena: add support for traffic mirroring (bsc#1174852).
- net: ena: add unmask interrupts statistics to ethtool (bsc#1174852).
- net: ena: allow setting the hash function without changing the key (bsc#1174852).
- net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852).
- net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852).
- net: ena: change default RSS hash function to Toeplitz (bsc#1174852).
- net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852).
- net: ena: changes to RSS hash key allocation (bsc#1174852).
- net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852).
- net: ena: clean up indentation issue (bsc#1174852).
- net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852).
- net: ena: cosmetic: code reorderings (bsc#1174852).
- net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852).
- net: ena: cosmetic: fix line break issues (bsc#1174852).
- net: ena: cosmetic: fix spacing issues (bsc#1174852).
- net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852).
- net: ena: cosmetic: minor code changes (bsc#1174852).
- net: ena: cosmetic: remove unnecessary code (bsc#1174852).
- net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852).
- net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852).
- net: ena: cosmetic: satisfy gcc warning (bsc#1174852).
- net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852).
- net: ena: drop superfluous prototype (bsc#1174852).
- net: ena: enable support of rss hash key and function changes (bsc#1174852).
- net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852).
- net: ena: ethtool: clean up minor indentation issue (bsc#1174852).
- net: ena: ethtool: get_channels: use combined only (bsc#1174852).
- net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852).
- net: ena: ethtool: support set_channels callback (bsc#1174852).
- net/ena: Fix build warning in ena_xdp_set() (bsc#1174852).
- net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852).
- net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852).
- net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852).
- net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852).
- net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852).
- net: ena: fix update of interrupt moderation register (bsc#1174852).
- net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852).
- net: ena: implement XDP drop support (bsc#1174852).
- net: ena: Implement XDP_TX action (bsc#1174852).
- net: ena: make ethtool -l show correct max number of queues (bsc#1174852).
- net: ena: Make missed_tx stat incremental (bsc#1083548).
- net: ena: Make some functions static (bsc#1174852).
- net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852).
- net: ena: multiple queue creation related cleanups (bsc#1174852).
- net: ena: Prevent reset after device destruction (bsc#1083548).
- net: ena: reduce driver load time (bsc#1174852).
- net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852).
- net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852).
- net: ena: remove code that does nothing (bsc#1174852).
- net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852).
- net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852).
- net: ena: remove redundant print of number of queues (bsc#1174852).
- net: ena: remove set but not used variable 'hash_key' (bsc#1174852).
- net: ena: remove set but not used variable 'rx_ring' (bsc#1174852).
- net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852).
- net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852).
- net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852).
- net: ena: support new LLQ acceleration mode (bsc#1174852).
- net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852).
- net: ena: use explicit variable size for clarity (bsc#1174852).
- net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852).
- net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852).
- net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: fec: correct the error path for regulator disable in probe (git-fixes).
- netfilter: x_tables: add counters allocation wrapper (git-fixes).
- netfilter: x_tables: cap allocations at 512 mbyte (git-fixes).
- netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes).
- net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.)
- net: fix memleak in register_netdevice() (networking-stable-20_06_28).
- net: Fix the arp error in some cases (networking-stable-20_06_28).
- net: gre: recompute gre csum for sctp over gre tunnels (git-fixes).
- net: hns3: add autoneg and change speed support for fibre port (bsc#1174070).
- net: hns3: add support for FEC encoding control (bsc#1174070).
- net: hns3: add support for multiple media type (bsc#1174070).
- net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070).
- net: hns3: fix for FEC configuration (bsc#1174070).
- net: hns3: fix port capbility updating issue (bsc#1174070).
- net: hns3: fix port setting handle for fibre port (bsc#1174070).
- net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070).
- net: hns3: restore the MAC autoneg state after reset (bsc#1174070).
- net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28).
- net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes).
- net: lan78xx: add missing endpoint sanity check (git-fixes).
- net: lan78xx: fix transfer-buffer memory leak (git-fixes).
- net: make symbol 'flush_works' static (git-fixes).
- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
- net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417).
- net: netsec: initialize tx ring on ndo_open (bsc#1175418).
- net: phy: Check harder for errors in get_phy_id() (bsc#1111666).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: Set fput_needed iff FDPUT_FPUT is set (git-fixes).
- net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419).
- net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: Fix RX packet size > 8191 (git-fixes).
- net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes).
- net: update net_dim documentation after rename (bsc#1174852).
- net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28).
- net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17).
- netvsc: unshare skb in VF rx handler (git-fixes).
- nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes).
- ntb: Fix an error in get link status (git-fixes).
- ntb_netdev: fix sleep time mismatch (git-fixes).
- ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108).
- nvme-multipath: fix logic for non-optimized paths (bsc#1172108).
- nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108).
- nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- ocfs2: add trimfs dlm lock resource (bsc#1175228).
- ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963).
- ocfs2: change slot number type s16 to u16 (bsc#1175786).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).
- ocfs2: fix remounting needed after setfacl command (bsc#1173954).
- ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228).
- ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767).
- ocfs2: load global_inode_alloc (bsc#1172963).
- ocfs2: load global_inode_alloc (bsc#1172963).
- omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956)
- openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes).
- PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes).
- PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666).
- PCI: Fix pci_cfg_wait queue locking problem (git-fixes).
- PCI: Fix 'try' semantics of bus and slot reset (git-fixes).
- PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes).
- PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes).
- PCI: Release IVRS table in AMD ACS quirk (git-fixes).
- PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes).
- PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes).
- phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes).
- pinctrl: single: fix function name in documentation (git-fixes).
- pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes).
- platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes).
- platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes).
- PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails.
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668).
- PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).
- powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729).
- powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729).
- powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729).
- powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729).
- powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729).
- powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689).
- powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284).
- powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284).
- powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729).
- powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574).
- powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729).
- powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630).
- powerpc/pseries: PCIE PHB reset (bsc#1174689).
- powerpc/pseries: remove cede offline state for CPUs (bsc#1065729).
- powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729).
- powerpc/vdso: Fix vdso cpu truncation (bsc#1065729).
- power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes).
- propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841).
- pseries: Fix 64 bit logical memory block panic (bsc#1065729).
- pwm: bcm-iproc: handle clk_get_rate() return (git-fixes).
- rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes).
- regulator: gpio: Honor regulator-boot-on property (git-fixes).
- Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666).
- Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) 	* refresh for context changes
- Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83.
- Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e.
- Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4.
- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003).
- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003).
- Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600).
- rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28).
- rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT
- rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION
- rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664
- rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files.
- rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field.
- rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.)
- rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor.
- rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers <aspiers at suse.com>
- rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available.
- rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073).
- rpm/mkspec-dtb: add mt76 based dtb package
- rpm/package-descriptions: garbege collection remove old ARM and Xen flavors.
- rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes).
- rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes).
- s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873).
- sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17).
- sched/deadline: Initialize ->dl_boosted (bsc#1112178).
- scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository
- scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666).
- scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666).
- scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666).
- scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666).
- scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060).
- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666).
- scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666).
- scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
- scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
- scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
- scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
- scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026).
- scsi: Fix trivial spelling (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). 
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003).
- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003).
- scsi: smartpqi: add bay identifier (bsc#1172418).
- scsi: smartpqi: add gigabyte controller (bsc#1172418).
- scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418).
- scsi: smartpqi: add inquiry timeouts (bsc#1172418).
- scsi: smartpqi: add module param for exposure order (bsc#1172418).
- scsi: smartpqi: add module param to hide vsep (bsc#1172418).
- scsi: smartpqi: add new pci ids (bsc#1172418).
- scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418).
- scsi: smartpqi: add RAID bypass counter (bsc#1172418).
- scsi: smartpqi: add sysfs entries (bsc#1172418).
- scsi: smartpqi: Align driver syntax with oob (bsc#1172418).
- scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418).
- scsi: smartpqi: bump version (bsc#1172418).
- scsi: smartpqi: bump version (bsc#1172418).
- scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418).
- scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418).
- scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418).
- scsi: smartpqi: correct REGNEWD return status (bsc#1172418).
- scsi: smartpqi: correct syntax issue (bsc#1172418).
- scsi: smartpqi: fix call trace in device discovery (bsc#1172418).
- scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418).
- scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418).
- scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418).
- scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418).
- scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418).
- scsi: smartpqi: remove unused manifest constants (bsc#1172418).
- scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418).
- scsi: smartpqi: support device deletion via sysfs (bsc#1172418).
- scsi: smartpqi: update copyright (bsc#1172418).
- scsi: smartpqi: update logical volume size after expansion (bsc#1172418).
- scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418).
- scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes).
- scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790).
- sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28).
- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).
- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).
- serial: 8250: change lock order in serial8250_do_startup() (git-fixes).
- serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes).
- serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes).
- Set VIRTIO_CONSOLE=y (bsc#1175667).
- sign also s390x kernel images (bsc#1163524)
- soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550).
- soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550).
- spi: davinci: Remove uninitialized_var() usage (git-fixes).
- spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes).
- spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422).
- spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421).
- staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
- staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
- staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes).
- staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes).
- staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423).
- staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes).
- staging/speakup: fix get_word non-space look-ahead (git-fixes).
- tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28).
- tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28).
- tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17).
- tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17).
- tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17).
- tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17).
- tracepoint: Mark __tracepoint_string's __used (git-fixes).
- tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes).
- tty: hvc_console, fix crashes on parallel open/close (git-fixes).
- tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670).
- tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670).
- USB: cdc-acm: rework notification_buffer resizing (git-fixes).
- USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).
- USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).
- USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
- USB: iowarrior: fix up report size handling for some devices (git-fixes).
- usbip: tools: fix module name in man page (git-fixes).
- USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
- USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes).
- USB: serial: cp210x: re-enable auto-RTS on open (git-fixes).
- USB: serial: ftdi_sio: clean up receive processing (git-fixes).
- USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
- USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
- USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes).
- USB: serial: qcserial: add EM7305 QDL product ID (git-fixes).
- USB: xhci: define IDs for various ASMedia host controllers (git-fixes).
- USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes).
- USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes).
- USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes).
- VFS: Check rename_lock in lookup_fast() (bsc#1174734).
- video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes).
- video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes).
- virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes).
- vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17).
- vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199).
- vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes).
- vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes).
- vxlan: Ensure FDB dump is performed under RCU (git-fixes).
- watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666).
- watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666).
- watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666).
- wl1251: fix always return 0 error (git-fixes).
- x86/hyperv: Create and use Hyper-V page definitions (git-fixes).
- x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes).
- x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes).
- x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178).
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).
- xen/balloon: make the balloon wait interruptible (bsc#1065600).
- xfrm: check id proto in validate_tmpl() (git-fixes).
- xfrm: clean up xfrm protocol checks (git-fixes).
- xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes).
- xfs: fix inode allocation block res calculation precedence (git-fixes).
- xfs: fix reflink quota reservation accounting error (git-fixes).
- xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2581-1
Released:    Wed Sep  9 13:07:07 2020
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1174154,CVE-2020-15719
This update for openldap2 fixes the following issues:

- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509
  SAN's falling back to CN validation in violation of rfc6125.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2612-1
Released:    Fri Sep 11 11:18:01 2020
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1176179,CVE-2020-24977
This update for libxml2 fixes the following issues:

- CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2629-1
Released:    Mon Sep 14 18:12:01 2020
Summary:     Security update for shim
Type:        security
Severity:    moderate
References:  1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713
This update for shim fixes the following issues:

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.


Changes:

Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)

+ Add dbx-cert.tar.xz which contains the certificates to block
  and a script, generate-vendor-dbx.sh, to generate
  vendor-dbx.bin
+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys


- Update the path to grub-tpm.efi in shim-install (bsc#1174320)
- Only check EFI variable copying when Secure Boot is enabled (bsc#1173411)
- Use the full path of efibootmgr to avoid errors when invoking
  shim-install from packagekitd (bsc#1168104)
- shim-install: add check for btrfs is used as root file system to enable
  relative path lookup for file. (bsc#1153953) 
- shim-install: install MokManager to \EFI\boot to process the
  pending MOK request (bsc#1175626, bsc#1175656)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2638-1
Released:    Tue Sep 15 15:41:32 2020
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1165580
This update for cryptsetup fixes the following issues:

Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580)

- Fix support of larger metadata areas in *LUKS2* header.

  This release properly supports all specified metadata areas, as documented
  in *LUKS2* format description.
  Currently, only default metadata area size is used (in format or convert).
  Later cryptsetup versions will allow increasing this metadata area size.

- If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check
  if the requested *AEAD* algorithm with specified key size is available in kernel crypto API.
  This change avoids formatting a device that cannot be later activated.

  For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. 
  Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) 
  are already mandatory for LUKS2.

- Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option.

- Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt.

- Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested 
  sector size. Previously it was possible, and the device was rejected to activate by kernel later.

- Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash 
  algorithm with invalid keyslot preventing the device from activation.

- Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used
  both for data encryption and keyslot encryption in *LUKS1/2* devices.

  For benchmark, use:
    
      # cryptsetup benchmark -c xchacha12,aes-adiantum
      # cryptsetup benchmark -c xchacha20,aes-adiantum

  For LUKS format:
  
      # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 <device>

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2651-1
Released:    Wed Sep 16 14:42:55 2020
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1175811,1175830,1175831
This update for zlib fixes the following issues:

- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)



More information about the sle-security-updates mailing list